Cybercrime-as-a-service is expanding, given its lucrative business model that requires basic technical skills. This is among the key findings highlighted in the 2023 Threat Report issued by cybersecurity company Sophos.
The report also notes that, in addition to the usual malware, scamming and phishing kits, cybercriminals are now selling tools and capabilities that were once reserved for the most skilled and sophisticated attackers. Ransomware-as-a-service has gotten particularly popular among threat actors, leading to a lower entry barrier for would-be criminals. As a mitigation tool, IT managers are looking at Managed Detection and Response (MDR) services to spearhead early detection and interception of attacks.
The Council of Europe’s Cybercrime Convention Committee (T-CY) has adopted a guidance note (GN) on ransomware, which outlines how the Budapest Convention and its Second Additional Protocol could be used to criminalise, investigate, and prosecute ransomware-related offences. The GN follows statements from the Convention’s Parties and Observers regarding the surge of major ransomware attacks in recent months.
The RagnarLocker ransomware has been linked to an incident in which a ransomware organisation began leaking highly sensitive data stolen from a Belgian police force in Antwerp, in what is being characterised as one of the country’s largest breaches.
‘This is a case of human error, and this is how crime reports and fine notices, but also photographs of child abuse have been leaked’, stated Chief Commissioner of Police Zwijndrecht, Marc Snels.
The number of citizens affected by the breach is unknown, but they include victims, perpetrators, witnesses, and those under surveillance, with potentially serious implications if their identities are revealed.
In an internationally coordinated action led by the UK and supported by Europol and Eurojust, 142 suspects have been arrested for allegedly running a website that offered spoofing services. These services allowed cybercriminals to impersonate trusted corporations such as banks, retail companies, and government institutions and then access sensitive information. Evidence shows that the estimated worldwide loss has been more than EUR 115 million. National authorities from the EU, Australia, and Canada supported the investigation. At the same time, Europol’s European Cybercrime Centre (EC3) provided a secure platform and was thus able to identify additional users of spoofing services.
The European Parliament website has been taken down by a DDoS attack claimed by Anonymous Russia, a member of the pro-Russian hacktivist group Killnet.
The President of the European Parliament confirmed the event, saying that the Parliament’s ‘IT experts are pushing back against it and protecting our systems’.
The attack occurred after the European Parliament designated Russia a state sponsor of terrorism and members advocated that Russia be more isolated internationally.
An extensive survey conducted in Australia in 2021 revealed that one in ten respondents had been notified of a data breach within the previous twelve months, with roughly 28% of those respondents reporting that they had been a victim of identity theft. Data breaches were mainly due to data custodians being targeted by malicious actors, or to information held by these custodians being released due to human error. Significant relationships were also discovered between data breaches and online scams and fraud, and ransomware.
The Singapore-based research team, Group-IB, has identified 34 Russian cybercrime groups responsible for distributing info-stealing malware under the stealer-as-a-service model. The cybercriminals use this type of malware to target users of Steam, Roblox, and Amazon in 111 countries, obtaining user credentials stored in browsers, bank card details, and crypto wallet information from infected computers and selling them on the dark web. Group-IB estimates that more than 890,000 devices in 111 countries in the first seven months of 2022 have been infected. The five most attacked countries are the USA, Brazil, India, Germany, and Indonesia, while the estimated value of stolen credentials is around $5.8 million.
Australian children’s charity The Smith Family suffered a cyberattack, with hackers stealing confidential information about donors including their credit card details. While no evidence points to misuse of donor information as yet, similar breaches in recent times have proven early indications to be unreliable. Supporters have been told not to click on unknown links and to check with the Australian Cyber Security Centre (ACSC) for further advice. The incident has been reported to both the ACSC and the Office of the Australian Information Commissioner.
The European Parliament has approved a set of rules, previously negotiated with the Council, to make the EU’s critical infrastructure more resilient. The legislation covers critical infrastructure sectors, including the digital infrastructure, creating stricter risk assessment rules and reporting for critical actors. In other words, ‘member states should adopt national resilience strategies, and cross-border communication should happen through designated single points of contact in each member state‘.
Kaspersky Security, a major security firm, has recently published its advanced threat predictions for 2023, identifying email servers and satellites as major cyberattack targets in the year 2023. The report states that 2023 will be characterised by destructive ‘cyberattacks of unprecedented gravity’ against governments, key industry providers, and high-profile civilian infrastructures. Another point of concern is the safety of underwater cables and fiber distribution hubs against physical attacks.
