Ransomware’s rampant – Europol gives it 43 words
"Europol perceives a need to considerably strengthen the asset recovery regime"
Ransomware continues to pose a huge threat to the operations of enterprises around the world – a snapshot of some 2021 victims thus far includes Taiwanese computer manufacturer Acer, US insurance firm CNA, and clothing retailer FatFace, to name just three well-know brands. Yet the hugely cash-generative activity earns just a 43-word paragraph in the European Union’s Serious and Organised Crime Threat Assessment, the EU SOCTA 2021.
The report, published today (April 12) by Interpol, highlights some big picture cybercrime themes, as it drills down into trends across the drugs , people smuggling and arms segments, but the increasingly profitable ransomware world (Cybersecurity Ventures estimates that an attack happens every 11 seconds, while a 2020 survey by Sophos of 5,000 IT managers found that 51% had seen their organisation hit) gets little more than a footnote.
“Ransomware has been acknowledged as a key cybercrime threat for some years now. However, the number of attacks and the level of their sophistication continues to increase. The increase in the number of attacks on public institutions and large companies is particularly notable,” Interpol notes. That’s it. (Victims wondering what law enforcement are doing to help slow the attacks would no doubt be pointed to actions like Europe's coordination of the EMOTET take-down earlier this year as among the agency's counter-cybercrime activities).
Other traditionally "analogue" crime sectors from drugs to prostitution are all digitalising fast, the report notes meanwhile: "Criminals are digital natives. Virtually all criminal activities now feature some online component and many crimes have fully migrated online. Criminals exploit encrypted communications to network among each other, use social media and instant messaging services to reach a larger audience to advertise illegal goods".
Europol’s Executive Director Catherine De Bolle said: "The intelligence picture and assessment presented in the SOCTA 2021 is a stark reminder of the dynamic and adaptable adversary we face in serious and organised crime.”
Ilia Kolochenko CEO, Founder and Chief Architect at security firm ImmuniWeb noted that the report points to how both street and organized crime are "gradually leveraging digital transformation to hinder police investigations, increase profits and expand criminal businesses globally... We are dealing with a mature, well-organized and international network of crime. Sadly, most law enforcement agencies are currently unequipped and understaffed to timely discover, intercept and decrypt digital communications from perpetrators."
Among Europol's calls to action meanwhile was a pointed note on how "perceives a need to considerably strengthen the asset recovery regime in the EU and identifies several key points for improvement."
The report notes: "Asset recovery is a process with five stages: identification, freezing, management, confiscation and disposal. From the first to the last stage, the lifecycle of a criminal asset relies on the cooperation of different protagonists, which continues to represent a challenge in practice," the agency notes.
"Europol sees a need to better integrate and align the entire asset recovery process among law enforcement, judiciary and asset management offices. In each Member State, asset recovery offices (ARO) are the specialised units for asset forfeiture. They may share their competency with other units at national level, but they are usually the main responsible units for international cooperation. From 2016 to 2020... the volume of information exchanged among EU AROs in the framework of international cooperation doubled, while staffing levels increased by 18% on average. This gap is one indicator of the difficulties for AROs to follow up on each case."