The Internet Organised Crime Threat Assessment (IOCTA), put together by Europol’s European Cybercrime Centre (EC3), paints an ominous picture of the emerging threat landscape.
Here’s what you need to know at a glance.
- Australians are highly likely to get duped by a malicious URL
We’re especially susceptible to being duped.
“It is reported that, globally, Australia is one of the top five countries clicking on malicious URLs, and as a likely consequence also one of the top-five countries making connections to C2 infrastructure,” the report states, referring to servers used by hackers to communicate with compromised systems.
But the news isn’t all bad: “Australia does, however, benefit from one of the lowest mobile malware infection rates.”
- Old-school criminals are turning tech-savvy
“Criminal techniques and methods which have traditionally been associated with cybercrime are extending into other crime and threat areas. A growing range of threats, from trafficking in human beings to terrorism, are becoming increasingly cyber-facilitated.”
- In some EU countries, cybercrime is overtaking traditional crime
“The additional increase in volume, scope and financial damage combined with the asymmetric risk that characterises cybercrime has reached such a level that in some EU countries cybercrime may have surpassed traditional crime in terms of reporting.
“Some attacks, such as ransomware … have become the norm, overshadowing traditional malware threats such as banking Trojans.”
- Rent-a-hacker is on the rise
“The mature Crime-as-a-Service model underpinning cybercrime continues to provide tools and services across the entire spectrum of cyber criminality, from entry-level to top-tier players, and any other seekers, including parties with other motivations such as terrorists. The boundaries between cybercriminals, Advanced Persistent Threat (APT) style actors and other groups continue to blur.”
- Extremist groups haven’t embraced cybercrime tactics – yet
While the extent to which extremist groups currently use cyber techniques to conduct attacks appears to be limited, the availability of cybercrime tools and services, and illicit commodities such as firearms on the dark net provide ample opportunities for this situation to change, the report states.
“While such factions make extensive use of the internet, particularly social media, for the purposes of recruitment, propaganda and incitement, there is currently little evidence to suggest that their cyber-attack capability extends beyond common website defacement.”
- Criminals are cashing in with ATM malware
“EMV (chip and PIN), geoblocking and other industry measures continue to erode card-present fraud within the EU,” the report explains.
“Logical and malware attacks directly against ATMs continue to evolve and proliferate. The proportion of card fraud attributed to card-not-present (CNP) transactions continues to grow, with e-commerce, airline tickets, car rentals and accommodation representing the industries hit hardest.
“The first indications that organised crime groups are starting to manipulate or compromise payments involving contactless cards have also been seen.”
- Phishing campaigns are getting better – but sophistication doesn’t mean success
“The overall quality and authenticity of phishing campaigns has increased, with targeted [spear] phishing aimed at high-value targets – including CEO fraud – reported as a key threat by law enforcement and the private sector alike.
“It should be noted that the majority of reported attacks are neither sophisticated nor advanced. While it is true that in some areas cybercriminals demonstrate a high degree of sophistication in the tools, tactics and processes they employ, many forms of attack work because of a lack of digital hygiene, a lack of security by design and a lack of user awareness.”
- Cryptoware is leading the malware charge
“Cryptoware (encrypting ransomware) has become the most prominent malware threat, overshadowing data stealing malware and banking Trojans.
“While the Locky cryptoware did not appear until mid-February 2016 … it is expected to become one of the dominant cryptoware threats throughout 2016.”
- CEOs have emerged as a prime target
“A refined variant of spear phishing, CEO fraud, has evolved into a key threat as a growing number of businesses are targeted by organised groups of professional fraudsters. Successful CEO frauds often result in significant losses for the targeted companies,” the report states.
“There are several terms used to describe CEO fraud, including business email compromise and mandate fraud. The fraud involves an attacker contacting the victim and requesting an urgent bank transfer or a change of bank account details for upcoming transactions.
“This may be carried out through pure social engineering but the advanced forms of the compromise may be combined with hacking or even the deployment of malware. Attacks are often preceded by a substantial amount of research and reconnaissance, mapping the organisations’ structure and behaviour of potential victims.
“Criminals target senior staff to take advantage of organisational hierarchies and the fact that more junior staff are less likely to challenge senior management. The perpetrators assume the identity of the CEO, president or a managing director to send a targeted email to a person in charge of making financial decisions, such as a CFO, financial controller or accountant.”