Ransomware surges again, as cybercrime-as-a-service becomes mainstream for crooks
Europol report warns on increasingly professional nature of cybercrime and how the likes of WannaCry demonstrate how ransomware is eclipsing most other online crime.
Purchasing cybercrime-as-a-service tools for threats such as malware and DDoS is no longer just something for low level or aspiring hackers. Organised criminal gangs are taking advantage of these services as the underground criminal landscape continues to become more professionalised and mature.
But that doesn't mean ransomware attacks or phishing campaigns are going away; they're also more prolific than ever.
Europol's newly released 2017 Internet Organised Crime Threat Assessment analyses a number of the key trends in cybercrime -- with the likes of WannaCry ransomware emphasising the global nature of attacks -- and warns how the increasing willingness of professional cybercriminals to turn to crime-as-a-service schemes is set to create further risks.
Non-technical criminal groups can buy the likes of ransomware, or phishing tools to help carry out or cover traditional crimes from investigation by law enforcement.
"Crime-as-a-service is becoming more mature; it's now serious, organised crime that are using these services, this is no longer script-kiddies or youngsters sitting in their basements," said Philip Amman, head of strategy of the European Cyber Crime Centre, speaking at the launch of the report.
Put simply, no single cybercriminal organisation can specialise in every form of attack or nefarious activity, so there's an increasing market for hiring of skills or purchasing of toolsets to help facilitate criminal activity -- be they online, physical or both.
"When they require something outside their own area of competency, they need only to find someone offering the appropriate tool or service in the digital underground; they can simply buy access to what they need," says the report.
Nonetheless, while cybercriminal activity continues to professionalise and diversify, Europol notes that many attackers continue to stick to what they know -- and for many, that's ransomware, which the report says has "eclipsed" most other global cybercriminal threats.
Indeed, the first half of 2017 saw ransomware attacks on a scale never seen before, with the spread the WannaCry ransomware-worm in May, followed by the outbreak of the self-spreading Petya in June.
See also: Ransomware: An executive guide to one of the biggest menaces on the web
Europol warns how these attacks have highlighted how reliance on internet connectivity, combined with poor digital hygiene standards and practices can enable such attacks to spread far and wide -- and that many organisations need to do more to protect themselves.
"The global impact of huge cyber security events such as the WannaCry ransomware epidemic has taken the threat from cybercrime to another level," said Europol executive director Rob Wainright.
Banks and other major businesses are now targeted on a scale not seen before and, while police have enjoyed success in disrupting major criminal syndicates operating online, the collective response is still not good enough.
However, despite the damage caused by the global ransomware attacks, the 2017 Internet Organised Crime Threat Assessment offers some silver-linings.
The report notes how one "unintended positive" of the global ransomware outbreaks is that it has raised awareness about the need for proper information security practices. Indeed, some in the criminal fraternity are already worried that this is the case.
But in order to combat the threat of cybercrime, Europol states that law enforcement must continue to focus on those developing and providing cyber crime and attack tools -- particularly for the likes of ransomware, malware, and DDoS attack tools.
The idea is that by taking away the ability for criminal groups to simply buy the services they need, law enforcement will be able to focus on tracking down and stopping the kingpins.
"If we can do something to prevent cybercrime from happening in the first place, that's a win. Then law enforcement can focus on the top actors that provide key services and tools -- DDoS for hire, botnets, counter-anti-virus. If we can counter that, law enforcement can focus on the main actors," said Amman.
The report identifies the No More Ransom initiative as successful example of this strategy, having provided free decryption tools to 29,000 victims and depriving criminals of an estimated EUR 8 million in ransoms. If law enforcement can make these attacks not-profitable, they will become unappealing to criminals.