Europol Chief Sounds Warnings Over Ransomware, Russian-Speaking Conglomerates
The financial sector is under increasing threat from cybercrime syndicates, warns Rob Wainwright, director of Europol, the EU’s law enforcement intelligence agency.
“What really concerns me is the sophistication of the capability, which is becoming good enough to really threaten parts of our critical infrastructure, certainly in the financial, banking sector,” Wainwright told Reuters on Wednesday on the sidelines of the Web Summit technology conference in Lisbon, Portugal.
At the same time, he said, attackers may be located remotely – based “in their bedrooms” – making it difficult to locate, identify, arrest or extradite them. He added that a majority of the cybercriminals “we are working against are Russian speaking, not just Russian.”
Wainwright’s critical infrastructure cybersecurity risk analysis does not represent the first time Europol has issued such a warning. The 2017 Internet Organized Crime Threat Assessment from Europol, released in September, warned that in addition to “worst-case scenarios, such as attacks on systems in power plants and heavy industry,” critical infrastructure sector firms might also be felled by more mundane attacks.
“It is clear that a greater variety of critical infrastructures are more vulnerable to ‘everyday’ cyberattacks, highlighting the need for a coordinated EU law enforcement and cross-sector response to major cyberattacks on critical infrastructure,” the assessment says.
Ransomware Attacks Spike
Ransomware also remains a major concern. Wainwright said law enforcement agencies and the private sector are collectively seeing 4,000 ransomware attacks per day against consumers and businesses and that such attacks will continue to increase.
“The real threat comes from a sort of exponential, remorseless increase in the scale and significance of cybercriminal capability,” Wainwright told Reuters.
“There is this sort of cybercriminal underworld that’s a lot bigger and smarter and adept than most people think,” he said. “And, against it, we still have generally low cybersecurity standards.”
Europol has continued to highlight the ransomware threat facing individuals and organizations. “Ransomware attacks have eclipsed most other global cybercrime threats, with the first half of 2017 witnessing ransomware attacks on a scale previously unseen following the emergence of self-propagating ‘ransomworms,’ as observed in the WannaCry and Petya/NotPetya cases,” according to the 2017 IOCTA report (see Maersk Previews NotPetya Impact: Up to $300 Million).
Unlike banking Trojans, furthermore, ransomware attacks are being unleashed against a much broader pool of victims. “Ransomware has widened the range of potential malware victims, impacting victims indiscriminately across multiple industries in both the private and public sectors, and highlighting how connectivity and poor digital hygiene and security practices can allow such a threat to quickly spread and expand the attack vector,” according to the IOCTA report.
But cybercriminals don’t limit themselves to unleashing ransomware. “For genuine financially motivated attacks, extortion remains a common tactic, with ransomware and distributed denial-of-service (DDoS) attacks remaining priorities for EU law enforcement,” the 2017 IOCTA report notes.
Disrupting the Cybercrime Economy
Europol has helped law enforcement agencies notch some notable arrests aimed at disrupting not only cybercriminals, but also the broader cybercrime-as-a-service ecosystem that supplies criminals with everything from malware and infected endpoints to stolen payment card data and money laundering services.
Earlier this year, the FBI, Europol and law enforcement partners announced the seizure of both the AlphaBay and Hansa darknet marketplaces. Modeled on legitimate e-commerce forums, the marketplaces included such categories as fraud; drugs and chemicals; counterfeit items; weapons; software and malware; as well as sections for buying and selling stolen payment card data and personally identifiable information.
Despite the continuing rise in online crime and terror attacks, Wainwright said in a Web Summit panel discussion on Wednesday devoted to technology and privacy that he remains opposed to prohibiting technology companies from using strong encryption or forcing them to weaken their crypto by installing backdoors.
“Within the common understanding of what backdoor encryption means, I certainly do oppose it, because … the logic breaks down, in that we would be deliberately engineering a vulnerability in our systems,” he said. “That said, I do wish for a much closer relationship between law enforcement and the tech sector in a way that’s since broken down following Snowden.”
Wainwright said that law enforcement must develop its own capabilities to better investigate “online environments,” but suggested that it’s up to law enforcement agencies to bring the required technical and investigative expertise to bear (see FBI Still Trying to Unlock Texas Killer’s Smartphone).
“I do think that under the right kind of lawful supervision, law enforcement authorities should have the power to decrypt certain devices that are held by legitimate targets, and to do that they have to develop their capability,” he said.