Ransomware top threat from cybercrime ‘taken to another level’

Law enforcement has been urged to maintain pressure on people developing cybercrime tools in response to a year of attacks on an “unprecedented” scale. Ransomware attacks have eclipsed most cybercrimes to become the number one online threat in 2016/17, Europol claims. This model – used in the WannaCry attack in May that crippled parts of the NHS – has exploded in popularity with some reports suggesting a 750 per cent increase on the previous year. The past 12 months also saw the first serious attacks by ‘botnets’ created from insecure Internet of Things devices, and Europol predicts these will become increasingly common. Director Rob Wainwright has called on law enforcement to continue targeting perpetrators and adapt to the changing cyber threat. He said: “The global impact of huge cyber security events such as the WannaCry ransomware epidemic has taken the threat from cybercrime to another level. “Banks and other major businesses are now targeted on a scale not seen before and, while Europol and its partners in policing and industry have enjoyed success in disrupting major criminals operating online, the collective response is still not good enough. “In particular people and companies everywhere must do more to better protect themselves.” Every single EU member state reported a growing number of ransomware cases in 2016/17, according to Europol’s annual Internet Organised Crime Threat Assessment. The attack model – which involves criminals remotely locking their victims’ devices and demanding payment to release them – is now being run as a ‘service’ typically targets hospitals, law enforcement agencies and government departments. This growth coincided with the emergence of self-propagating ‘ransomworm’ software that automatically spreads to infect other devices. Europol listed use of ransomworms as a key factor in the success of the WannaCry attack in May that rapidly compromised up to 300,000 victims in more than 150 countries. However, despite its considerable impact on services including the NHS, less than one per cent of victims paid the ransom. The following month, another global attack using some of the same exploits as WannaCry reportedly hit more than 20,000 machines across Europe, Asia, North and South America and Australia. The report also warned of a shift towards use of new malware delivery methods such as botnets as law enforcement action prompted a decline in traditional techniques. Botnets comprise a network of infected computers that cybercriminals can use without their owners’ knowledge – often to access a website en masse to knock it offline in a distributed denial of service (DDoS) attack. DDoS attacks were the most commonly reported attack against EU critical infrastructure last year with more than 20 per cent of countries reporting cases. In September, an “extremely large and unusual” DDoS attack took down a security researcher’s website by using a botnet made up of 150,000 devices infected with the ‘Mirai’ malware. This same botnet was later used to severely affect internet access on the US’s west coast. Europol predicts that DDoS attacks will grow in scale in the near future with the creation of ever more ‘Internet of Things’ devices. However, it also highlighted that attackers are increasingly resoirting to “old school” delivery methods such as infected email attachments. It added that terrorists’ capacity to launch cyber-attacks remains limited. Julian King, EU Commissioner for the security union, said: “This report shows online crime is the new frontier of law enforcement. “We’ve all seen the impact of events like WannaCry: whether attacks are carried out for financial or political reasons, we need to improve our resilience and ensure cybercrime does not pay.”