Cybercrime: Ransomware Emerges as Leading Threat in 2018, State-Sponsored Cyberattacks Gaining Momentum According to Europol
In the digital age, cyber threats continue to evolve, with state-sponsored ransomware attacks emerging as a significant concern since 2018. According to Europol's 2018 Internet Organised Crime Threat Assessment (IOCTA) report, these attacks have surged in frequency and sophistication, targeting critical sectors such as healthcare and civil aviation.
Ransomware, a type of malicious software that encrypts a victim's data and demands a ransom for its decryption, has become a pervasive threat. By 2023, 72.7% of organisations fell victim to ransomware, with an estimated annual cost to victims predicted to reach $265 billion by 2031.
Hospitals and healthcare facilities have been primary targets, with 74% of ransomware attacks directed at hospitals and 560 healthcare facilities impacted during the COVID-19 pandemic. The motivation behind these attacks is multifaceted, ranging from financial gain to disrupting national infrastructure, stealing sensitive information, or coercing governments and organisations.
The increasing prevalence of ransomware has led nations to enact stronger cybersecurity regulations. For example, Malaysia has introduced the Cyber Security Act 2024 to enhance protection of National Critical Information Infrastructure and is preparing new cybercrime legislation to address evolving threats more effectively.
Organisations are also urged to strengthen their cybersecurity defences. This includes employee training, incident response planning, and adopting backup strategies like the 3-2-1-1-0 method to minimise ransomware damage.
Meanwhile, ransomware hacker groups continue to become more sophisticated. The growing use of digital currencies, such as Bitcoin, is impeding law enforcement efforts due to encryption, loss of location, and lack of cohesive legislation on digital currencies. Money launderers are increasingly using cryptocurrencies in their operations, facilitated by new developments such as decentralised exchanges with no Know Your Customer requirements.
Cybercrimes like phishing, social engineering, and the use of encrypted messaging apps, the dark web, or other platforms less able or willing to disrupt their activity remain common. These methods are used to obtain personal data, hijack accounts, steal identities, initiate illegitimate payments, or convince victims to perform actions against their self-interest.
Cryptojacking, involving the exploitation of internet users' bandwidth and processing power to mine cryptocurrencies, is an emerging cybercrime trend. Traditional financial instruments are now being targeted by cyber-attacks, with businesses and users of cryptocurrencies becoming a new focus.
Despite a slowing growth rate, ransomware is expected to remain dominant in the near future. While most criminals prefer Bitcoin, terrorists have also used more anonymous cybercurrencies such as Zcash. West African fraudsters have evolved to adopt emerging fraud techniques, including those with more sophisticated, technical aspects.
The production of Child Sexual Exploitation Material (CSEM), including Self-Generated Explicit Material (SGEM), continues to increase, with more extreme material found on the Darknet. Criminals are migrating towards existing or newly-established Darknet markets, or to other platforms like encrypted communications apps.
In conclusion, the digital landscape is fraught with ever-evolving threats. As cybercrimes continue to grow in complexity and impact, it is crucial for individuals, organisations, and nations to remain vigilant and proactive in their cybersecurity efforts.
- The increasing complexity and frequency of ransomware attacks, a type of malicious software that encrypts data and demands a ransom for its decryption, have led to a surge in concerns within the realm of cybersecurity, technology, general-news, and crime-and-justice.
- In an effort to combat these pervasive threats, nations like Malaysia have implemented stronger cybersecurity regulations such as the Cyber Security Act 2024 to safeguard National Critical Information Infrastructure, while encouraging organisations to strengthen their defenses by improving employee training, incident response planning, and adopting backup strategies.
