When it comes to the threat landscape it’s very easy to get distracted by the more eye-catching attacks. But while these might make for good headlines, and could even help some niche vendors to sell “silver bullet” solutions, there’s actually more continuity in terms of the cyber threats facing firms today than one might think. That fact is borne out by Europol’s latest annual Internet Organised Crime Threat Assessment (IOCTA) report. While there aren’t many surprises in there, it represents a sober assessment of the situation on the ground.Europol’s IOCTA has one goal in mind: “to stop cyber-criminals from making you their next victim.” @philmuncaster discusses the report in this Barracuda blog post. Click To Tweet
If nothing else, it should be another prompt for organisations to ensure they have suitable measures in place to cope with ransomware, DDoS, phishing and the like. This should be complemented by web server and other controls to mitigate an emerging threat to e-commerce providers: digital skimming.
Ransomware set to last
Europol’s IOCTA is a pretty accurate assessment of the past 12 months. It claims to have one goal in mind: “to stop cyber-criminals from making you their next victim.” As such, the warnings are of ransomware as the leading financially motivated attack technique used today, beating banking trojans into second place. Europol claims this trend will continue over the coming years. Exploit kits have continued to wane in popularity of late as social engineering, including phishing, and even brute-forcing of RDP become more popular threat vectors. Crypto-jacking and mobile malware are emerging, says Europol, while DDoS is a growing threat thanks to the flourishing cybercrime economy which is making attacks even easier, lower-risk and lower-cost.
In fact, the apparent resilience of the global underground economy should be noted by all security professionals. While there remains a huge enabling dark web platform and a financial incentive for cyber-criminals, attacks will continue unabated. Even though law enforcers have succeeded in some high profile take-downs of late, this has only led to a surge in smaller “vendor shops” and secondary markets catering to specific language groups or nationalities, according to the report.
This makes it more important than ever to ensure your cybersecurity is fit for purpose. But that’s not all. While IOCTA represents a good round-up of recent threat trends, there is one notable omission: Magecart.'Crypto-jacking and mobile malware are emerging, says @Europol, while DDoS is a growing threat thanks to the flourishing cybercrime economy which is making attacks even easier, lower-risk and lower-cost.' ~@philmuncaster Click To Tweet
Focus on web security
Experts suspect some form of cross-site scripting, although it’s unclear exactly how the victim organisations’ web servers ended up getting compromised. That said, it’s probably another good opportunity to revisit some security basics. These include:
- Pen testing web infrastructure
- Vulnerability testing and regular patching of servers
- Employee phishing awareness training/education
- Log analysis to spot signs of unusual behaviour
- Multi-factor authentication on admin accounts and restricted access controls/privileges
- Scanning/assessment of any third-party code
- Properly configured Content Security Policy (CSP) headers to stop cross-site scripting
- IPS/IDS to block exfiltration of stolen data to third-party domain
It’s believed that millions of customers may have been affected by these digital skimming attacks. They’re designed to stay hidden, so the hackers can monetise the data before security teams even discover the snippet of malicious code sitting on their site. That’s bad news all around, especially in the new GDPR era.
Magecart most definitely falls under the “eye-catching” category of threats. But attacks are coming thick and fast, so if you accept payments, it’s worth revisiting your web security controls. That said, this multi-layered security message also applies to virtually every threat highlighted by Europol. Ultimately, the extra effort and investment required to mitigate evolving cyber risk is the price we pay for digital transformation.
For a free trial of Barracuda security solutions, visit www.barracuda.com.'The leading financially motivated attack technique used today is ransomware, pushing banking trojans into second place.' @philmuncaster on the @europol #IOCTA report dataClick To Tweet
Phil Muncaster is a technology writer and editor with over 12 years’ experience working on some of the biggest technology titles around, including Computing, The Register, V3 and MIT Technology Review. He spent over two years in Hong Kong immersed in the Asian tech scene and is now back in London where information security has become a major focus for his work.