European police agency Europol says the threat from ransomware has now eclipsed other forms of online theft. Ransomware works by taking computers hostage, encrypting the files on victims' hard drives until they cough up the money demanded to unscramble the data.
Hospitals, government agencies and even police forces the world over have fallen victim to the scam, which is usually spread through booby trapped links or attachments. More recently, researchers are warning of a new, self-propagating strain of ransomware that can spread without human interaction.
In the 2016 Internet Organised Crime Threat Assessment (IOCTA) report released Wednesday, Europol said ransomware was "overshadowing traditional malware threats, such as banking Trojans".
According to the report, the mature Crime-as-a-Service model underpinning cybercrime continues to provide tools and services across the entire spectrum of cyber criminality, from entry-level to top-tier players, and any other seekers, including parties with other motivations such as terrorists. The boundaries between cybercriminals, Advanced Persistent Threat (APT) style actors and other groups continue to blur. While the extent to which extremist groups currently use cyber techniques to conduct attacks appears to be limited, the availability of cybercrime tools and services, and illicit commodities such as firearms on the Darknet, provide ample opportunities for this situation to change.
In addition to ransomware, banking Trojans remain top malware threats, Europol says. Peer-to-peer networks and forums on the Darknet continue to facilitate the exchange of child sexual exploitation material (CSEM); while both self-generated indecent material (SGIM) and content derived from the growing phenomenon of live-distant child abuse, further contribute to the volume of CSEM available.
EMV (chip and PIN), geoblocking and other industry measures continue to erode card-present fraud within the EU, forcing criminals to migrate cash out operations to other regions. Logical and malware attacks directly against ATMs continue to evolve and proliferate. The proportion of card fraud attributed to card-not-present (CNP) transactions continues to grow, with e-commerce, airline tickets, car rentals and accommodation representing the industries hit hardest.
The first indications that organised crime groups (OCGs) are starting to manipulate or compromise payments involving contactless (NFC) cards have also been seen.
The overall quality and authenticity of phishing campaigns has increased, with targeted (spear) phishing aimed at high value targets - including CEO fraud - reported as a key threat by law enforcement and the private sector alike.
DDoS attacks continue to grow in intensity and complexity, with many attacks blending network and application layer attacks. Booters/stressers are readily available as-a-service, accounting for an increasing number of DDoS attacks. While other network attacks aimed at exfiltrating data continue to focus on financial credentials, there is a growing trend in the compromise of other data types, such as medical or other sensitive data or intellectual property for other purposes.
Cryptocurrencies, specifically Bitcoin, remain the currency of choice for much of cybercrime, whether it is used as payment for criminal services or for receiving payments from extortion victims. Even so, key members of the Bitcoin community, such as exchangers, are increasingly finding themselves the victim of cybercriminals.
The growing misuse of legitimate anonymity and encryption services and tools for illegal purposes poses a serious impediment to detection, investigation and prosecution, thereby creating a high level of threat cutting across all crime areas.
The complete report is accessible here.