The European Union Serious Organised Crime Report (SOCTA/OCTA) is published every four years, and the latest one came out on April 12, 2021. In its report, Europol covers all aspects of organized crime, but this blog post will focus on the cybercrime aspect of the report. The authors noted that cyberattacks are on the increase, and cited malware (particularly ransomware) and distributed denial of service (DDoS) as the most common types of attacks. To some extent, this is not a “news flash” for cybersecurity professionals. However, it is crucial to have agencies like Europol assess the threat landscape, as such reports validate industry observations and provide authoritative, grounded, information that serves cybersecurity professionals and business professionals alike. If any line of business managers or C-suite executives are generally dismissive of the potential for cyber-attacks on their business, a report such as this may bring the importance of cybersecurity defenses to their attention
Organized cybercrime
By reading the news, or watching movies, most people generally understand traditional organized crime gangs; extortion, revenge, and chaos have likely been around since the beginning of civilization. In our highly technological Internet-first society, criminals around the globe are taking advantage and using it as their weapons. Europol explains how organized cybercrime works: “Cybercrime services and tools can be purchased by paying a user fee, a rental fee or even a percentage of the criminal profits. The affiliate model (also known as ransomware-as-a-service) allows ransomware developers and the cybercriminals that deploy the solutions to share the criminal profits. Developers offer technical expertise and support as service providers to affiliates who are often entry-level cybercriminals that identify and infect vulnerable targets.”
Europol notes that there are several factors that are currently making it easier for cybercriminals — and their accomplices — to launch attacks:
- The world is becoming increasingly digitized, which means cybercriminals have more users, networks, and devices to leverage/victimize.
- Corporate networks are more vulnerable because pandemic telework has increased connections between corporate and private networks.
- The exponential growth of IoT devices enables criminals to hack into devices and, in some cases, harness them into malicious botnets.
- Cybercrime is more accessible to those with less technical expertise because of the proliferation of online cybercrime services for hire.
- Threat actors may use Artificial Intelligence in conjunction with existing methods to “widen the scope and scale of cyberattacks.”
What are the implications for organizations?
In Europol’s purview at least, this report indicates that both large and small organizations are at greater risk due to the increasingly sophisticated cybercrime syndicates whose pernicious behavior will take advantage of expanding attack surfaces and new technologies. As stated in the report: “Public institutions, including critical infrastructures such as health services, continue to be targeted by cybercriminals. A potential leak of data or service disruptions in these sectors could result in very high financial and social costs.”
However, as larger corporations take steps to improve their cybersecurity defenses, threat actors continue to target organizations that have poor cyber security methods in place or those who don’t have as many resources (staff or budget) to protect themselves. For these reasons, many smaller organizations seek to outsource their cybersecurity needs to a Managed Security Service Provider.
Criminals often combine ransomware and DDoS attacks
On the subject of DDoS attacks, the Europol report states that “Cybercriminals orchestrate persistent attacks which might be followed by ransom requests offering to cease the attack in exchange for a payment. Cybercriminals now increasingly target smaller organizations with lower security standards. However, they continue to attack public institutions and critical infrastructures as well.” Europol’s observations match what we at Corero have reported, and forecasted, in recent years: an increase in the frequency and sophistication of attacks. Given Europol has found that DDoS ranks in the top two most common forms of cyberattack, organizations of all sizes should ensure that they have always-on, automated, real-time DDoS mitigation to protect their Internet-facing applications.
For over a decade, Corero has been providing state-of-the-art, highly-effective, real-time automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. Our SmartWall® DDoS mitigation solutions protect on-premise, cloud, virtual and hybrid environments. If you’d like to learn more, please contact us.