Recently a white paper came out discussing the state of crime in cyber from IOCTA 2017.   It was released from Europol so it focuses on Europe.    Since we love to devour this type of data at FocusPoint, we thought we would share our impressions of the report.

You can download the report here.

First a little about the Europol report.   Its 96-page report is the 4th annual presentation of the cybercrime threat.   It’s mainly focused on law enforcement and the changes of threats over the past year.

  • Cybercrime is increasing at a surprising rate.
  • Extortion remains a common tactic with ransomware and DDoS attacks as the priorities of EU law environments. It states that ransomware attacks are the largest amount of threats they are seeing and have surpassed all other.  Some report a 750% increase in ransomware.
  • It also spoke of a decline of exploit kits. This means in our opinion that more sophisticated crime organizations are conducting the threats.   It also has pushed malware developers to rely on other infection methods such as social engineering and spam botnets.
  • It appears that the IoT things are starting to take hold with the success of the Marai malware. If  you aren’t familiar with Marai malware it took control of 150,000 routers and CCTV cameras and made them into a DDoS botnet.
  • Inadequate IT security continues pervade the industry.
  • Social engineering techniques are still one of the most pervasive tactics. Training of employees still needs to be reinforced.
  • A report on the darkweb showed that hiring a hacker for a 5-minute attack on an organization can cost as little as $5.
  • The report listed the largest data breaches affecting Europe. What is amazing is the breaches are occurring so frequently now that many of these breaches never reached national media interest.   Breaches are almost becoming white noise to the media now.
  • The absence of any major cyber-attacks by terrorist organizations was interpreted as the result of not enough technical skills. This begs the question, when will these terrorist organizations have access to these technical skills?  It doesn’t seem far-fetched to believe it’s not a question of if but a question of when.

Overall it was a very interesting read.   I would highly recommend spending the time to read if cyber security is a passion of yours.