On Tuesday 18 September, Europol published its annual assessment of current and future cybercrime threats. Prevailing trends involve the following: cyber-attacks by way of ‘ransomware’.
Ransomware consists of stealing confidential information from companies or users' data by way of malware software applications as a means to extort money in exchange for recovering the stolen data.
According to Europol this kind of software has become a standard cybercrime tool. The report emphasises that “By 2017 the number of ransomware families had exploded, their impact significantly overshadowing other malware”. The damages caused by this tool are said to have increased by 15 fold over the course of the past two years.
According to the agency's forecasts, this upward trend does not appear to be slowing down any time soon. Europol considers that the entry into force of the General Data Protection Regulation (GDPR) could lead to a rise in cyber-extortion.
The new legislation is effectively planning to flag up personal data violations within 72 hours. Failure to do so could lead to substantial fines of up to €20 million or 4% of a company's global annual turnover. According to Europol, this could create situations where the companies that have been pirated would prefer to pay a ransom that is lower than the cost of the fine imposed by their respective national authority.
The evolution of virtual currencies and the increasing levels of anonymity are also expected to constitute another factor for increasing ransoms extorted in this way, with a risk/reward relationship that is much higher in virtual currencies then in euros. Europol is also forecasting a potential increase in mobile malware whereby users be moving from online banking services to mobile banking services.
Europol says that it is difficult to predict the likelihood of another high-level cyber-attack, such as the 'NotPetya’ and ‘Wannacry’, which affected several European countries last year (see EUROPE 11818).
Nonetheless, the report explains that if this kind of attack is repeated, it would be less motivated by financial consideration than the motives of certain nation states themselves.
In an effort to tackle these new challenges, Europol is recommending increased and enhanced cooperation between international detection and police services, private sector companies, academia and other stakeholders.
The report can be consulted at the following link: https://bit.ly/2D5vba8. (Original version and French by Marion Fontana)