Ransomware continues to be the biggest malware threat to
businesses around the world, but mobile threats and crypto-jacking are emerging
as serious challenges, according to Europol.
The law enforcement
organization’s annual Internet Organised Crime Threat Assessment (IOCTA)
provides a good snapshot of current industry trends. It reflects the
findings of many security vendors: that ransomware is slowing but still
the most widespread financially motivate threat out there, ahead of banking
Trojans — and will be so for several years.
DDoS attacks were second only to
malware in terms of volume in 2017, as infrastructure becomes more “accessible,
low-cost and low-risk.”
On the wane as a means of
infection are exploit kits, with “spam, social engineering and newer methods
such as RDP brute-forcing coming to the fore.”
Europol also highlighted the
emerging threat of crypto-jacking as one to watch, as it offers cyber-criminals
a “regular, low risk revenue stream.” Mobile malware was also flagged.
“Mobile malware has not been
extensively reported in 2017, but this has been identified as an anticipated
future threat for private and public entities alike,” said the report.
As for the underground
economy fueling these threats, Europol claimed success in shutting down three
major marketplaces in 2017 and said that nine others closed or “exit
scammed." However, new sites have unsurprisingly emerged to take their
place.
“The almost inevitable
closure of large, global darknet marketplaces has led to an increase in the
number of smaller vendor shops and secondary markets catering to specific
language groups or nationalities,” the report explained.
Javvad Malik, security advocate at AlienVault,
said the report is a good validation of many of the trends security experts in
the vendor and research community are seeing.
“Collaboration appears to be
one of the biggest and most prominent takeaways. Being able to establish
trustworthy channels to collaborate and share information and intelligence is
vital,” he continued.
“Notable by its omission,
there is no mention of the role of bots by organized crime and state to push
agendas and misinformation, even though there are increasing industry studies
that points to these as being tools in the arsenal of attackers.”
No comments:
Post a Comment