DDoS , Ransomware , Risk Management

Financial Sector Under Increasing Cybercrime Threat

Europol Chief Sounds Warnings Over Ransomware, Russian-Speaking Conglomerates
Financial Sector Under Increasing Cybercrime Threat
Rob Wainwright, director of Europol, speaks Wednesday at the Web Summit conference in Portugal.

The financial sector is under increasing threat from cybercrime syndicates, warns Rob Wainwright, director of Europol, the EU's law enforcement intelligence agency.

See Also: Effective Cyber Threat Hunting Requires an Actor and Incident Centric Approach

"What really concerns me is the sophistication of the capability, which is becoming good enough to really threaten parts of our critical infrastructure, certainly in the financial, banking sector," Wainwright told Reuters on Wednesday on the sidelines of the Web Summit technology conference in Lisbon, Portugal.

At the same time, he said, attackers may be located remotely - based "in their bedrooms" - making it difficult to locate, identify, arrest or extradite them. He added that a majority of the cybercriminals "we are working against are Russian speaking, not just Russian."

Wainwright's critical infrastructure cybersecurity risk analysis does not represent the first time Europol has issued such a warning. The 2017 Internet Organized Crime Threat Assessment from Europol, released in September, warned that in addition to "worst-case scenarios, such as attacks on systems in power plants and heavy industry," critical infrastructure sector firms might also be felled by more mundane attacks.

"It is clear that a greater variety of critical infrastructures are more vulnerable to 'everyday' cyberattacks, highlight the need for a coordinated EU law enforcement and cross-sector response to major cyberattacks on critical infrastructure," the assessment says.

Ransomware Attacks Spike

Ransomware also remains a major concern. Wainwright said law enforcement agencies and the private sector are collectively seeing 4,000 ransomware attacks per day against consumers and businesses and that such attacks will continue to increase.

"The real threat comes from a sort of exponential, remorseless increase in the scale and significance of cybercriminal capability," Wainwright told Reuters.

"There is this sort of cybercriminal underworld that's a lot bigger and smarter and adept than most people think," he said. "And, against it, we still have generally low cybersecurity standards."

Europol has continued to highlight the ransomware threat facing individuals and organizations. "Ransomware attacks have eclipsed most other global cybercrime threats, with the first half of 2017 witnessing ransomware attacks on a scale previously unseen following the emergence of self-propagating 'ransomworms,' as observed in the WannaCry and Petya/NotPetya cases," according to the 2017 IOCTA report (see Maersk Previews NotPetya Impact: Up to $300 Million).

Unlike banking Trojans, furthermore, ransomware attacks are being unleashed against a much broader pool of victims. "Ransomware has widened the range of potential malware victims, impacting victims indiscriminately across multiple industries in both the private and public sectors, and highlighting how connectivity and poor digital hygiene and security practices can allow such a threat to quickly spread and expand the attack vector," according to the IOCTA report.

But cybercriminals don't limit themselves to unleashing ransomware. "For genuine financially motivated attacks, extortion remains a common tactic, with ransomware and distributed denial-of-service (DDoS) attacks remaining priorities for EU law enforcement," the 2017 ICOTA report notes.

Disrupting the Cybercrime Economy

Europol Director Rob Wainwright, center, speaks at a July 20 news conference announcing the seizure of the AlphaBay and Hansa darknet marketplaces.

Europol has helped law enforcement agencies notch some notable arrests aimed at disrupting not only cybercriminals, but also the broader cybercrime-as-a-service ecosystem that supplies criminals with everything from malware and infected endpoints to stolen payment card data and money laundering services.

Earlier this year, the FBI, Europol and law enforcement partners announced the seizure of both the AlphaBay and Hansa darknet marketplaces. Modeled on legitimate e-commerce forums, the marketplaces included such categories as fraud; drugs and chemicals; counterfeit items; weapons; software and malware; as well as sections for buying and selling stolen payment card data and personally identifiable information.

Crypto Debate

Despite the rise in online crime and terror attacks continuing, Wainwright said in a Web Summit panel discussion on Wednesday devoted to technology and privacy that he remains opposed to prohibiting technology companies from using strong encryption or forcing them to weaken their crypto by installing backdoors.

"Within the common understanding of what backdoor encryption means, I certainly do oppose it, because ... the logic breaks down, in that we would be deliberately engineering a vulnerability in our systems, he said. "That said, I do wish for a much closer relationship between law enforcement and the tech sector in a way that's since broken down following Snowden."

Wainwright said that law enforcement must develop its own capabilities to better investigate "online environments," but suggested that it's up to law enforcement agencies to bring the required technical and investigative expertise to bear (see FBI Still Trying to Unlock Texas Killer's Smartphone).

"I do think that under the right kind of lawful supervision, law enforcement authorities should have the power to decrypt certain devices that are held by legitimate targets, and to do that they have to develop their capability," he said.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.