Europol called the main cyberthreats of 2019

Europol experts presented the results of a study of relevant cyberthreats: in fact, they named the main cyberthreats of 2019. According to analysts, the greatest danger today is the activity of cryptographers and malware, which hunt for a variety of users’ data.

According to Europol researchers, new threats do not only arise from new technologies though, as is often demonstrated, come from known vulnerabilities in existing technologies.

“This annual assessment of the cybercrime threat landscape highlights the persistence and tenacity of a number of key threats. In all areas, we see how most of the main threats have been reported previously, albeit with variations in terms of volumes, targets and level of sophistication”, — write the experts.

Ransomware and cryptographers

Currently, about 25 cryptographic families operate in European cyberspace, including the long-known Locky, Rapid, ACCDFISA. On this list, there are still malicious programs that were actually defeated – Dharma, CrySiS, GandCrab.

Most often, malware gets into the infrastructure through fraudulent emails and vulnerable RDP connections. Experts estimate that 65% of cyber groups use targeted phishing attacks. About half (48%) of malicious attachments in emails are in office files.

Researchers note that ransomware is moving from massive campaigns to targeted attacks. Attackers seek to increase their profits through carefully crafted tactics. The ransom amount that the criminals demand from the affected companies may exceed one million euros.

In addition to commercial enterprises, state organizations and entire cities are increasingly becoming victims of cryptographers. Researchers mentioned incidents in the United States when cyber attacks paralyzed municipal services in Atlanta, Baltimore, Florida, and Texas.

Europol analysts expect that in the near future, criminals can direct their efforts to European countries.

Read also: https://adware.guru/instagram-combat-phishing-mechanism/

In addition to extortion, cryptographic operators also engage in simple sabotage. According to researchers, the number of such destructive attacks doubled in the first six months, with half of the incidents in the industrial sector. Previously, vipers used only state-sponsored groups, but now such functions come across in the tools of ordinary cybercriminals.

Hunt for information

User data, whether it is the details of plastic cards, logins and passwords for online banks or copies of ID cards, are gaining more and more value in the eyes of cybercriminals. Researchers note that criminals find use of any information. Money from stolen cards goes to buy expensive electronics. Slave traders and terrorists use the stolen passport data to book airline tickets and hotels. Personnel information, corporate logins and passwords help plan phishing attacks and BEC schemes.

According to Europol, in the first half of 2019, 23 million stolen cards could be bought on the black market. As online stores taught by experience began to defend themselves against hacking, criminals are shifting activity to other sectors where users enter payment information. This is primarily the sites of hotels, postal services and car rental.

Not only the sites of organizations themselves, but also third-party resources are at risk. A considerable proportion of large leaks occurs through Amazon’s insecure cloud containers, despite the provider’s consistent efforts to simplify security settings.

Supply Chain Attacks

One of the key trends of 2019 is hacking IT providers and software providers to gain access to their customers. According to some reports, in 2018 the number of such incidents almost doubled (78%).

The reason for this is the growing popularity of cloud services and relatively small companies that offer IT products to larger organizations. Analysts cited the recent Magecart attack on website extension developers when criminals hacked a server with software distributions.

Europol experts point out that a key role in neutralizing such threats is played by the speed of reaction to the invasion. They call for strengthening the interaction between the information security industry and cybersecurity authorities in order to increase their overall resistance to cyber threats.

DDoS attacks

Disabling corporate systems is the second most popular method of pressure after attacks by ransomware. Analysts note that such incidents pose a particular danger to financial organizations that suffer not only material, but also reputational losses.

Read also: Twitter used 2FA users’ data to display targeted ads

The power of DDoS attacks is constantly growing. At the beginning of 2019, experts recorded another record when the stream of garbage requests exceeded the mark of 500 million packets per second. Already in April, specialists were faced with a more massive attack, which reached 580 million packets.

According to the researchers, law enforcement agencies are making some progress in combating these threats. In 2018, as a result of the joint operation of Europol, the UK National Anti-Crime Directorate and more than ten services, webstresser.org, one of the largest DDoS service sites in the world, was blocked. According to Europol, the consequences of this operation are still felt, and law enforcement officers continue to search , using the evidence.

Past Threats

Over the past two years, experts have noted a decline in the popularity of banking Trojans – today the damage from their activity is at a record low. At the same time, malware such as Emotet and Trickbot, whose architecture allows the installation of additional modules, still pose problems for corporate infrastructures.

Other malware families pose a significant threat to network health, including the long-known Dridex, Retefe, and the relatively new BackSwap.

With the end of cryptocurrency fever, the activity of crypto jackers has noticeably fallen. One of the main factors experts call the closure of the Coinhive service, which provided a significant share of the hidden token production. However, here, too, experts urge not to write off the threat. The advent of file-free crypto miners and new dropper worms suggests that criminals are looking for new ways to earn money from other people’s capacities

As the head of Europol, Catherine De Bolle, noted, many new threats are associated with already known technologies that remain vulnerable, despite the existence of protective patches.

“Law enforcement agencies should not focus excessively on upcoming technological changes in the world of cybercrime”, – Europol said in a press release. “A comprehensive approach is needed in the fight against cybercrime, including attack prevention, education, and resistance to cyberthreats.”