While critical infrastructure has been targeted by sophisticated threat actors, attacks that rely on commonly available and easy-to-use tools are more likely to occur, said Europol in its 2017 Internet Organised Crime Threat Assessment (IOCTA).
The report covers a wide range of topics, including cyber-dependent crime, online child exploitation, payment fraud, criminal markets, the convergence of cyber and terrorism, cross-cutting crime factors, and the geographical distribution of cybercrime. According to the police agency, we’re seeing a “global epidemic” in ransomware attacks.
When it comes to critical infrastructure attacks, Europol pointed out that the focus is often on the worst case scenario – sophisticated state-sponsored actors targeting supervisory control and data acquisition (SCADA) and other industrial control systems (ICS) in power plants and heavy industry organizations.
However, these are not the most likely and most common types of attacks – at least not from a law enforcement perspective as they are more likely to be considered threats to national security. More likely attacks, based on reports received by law enforcement agencies in Europe, are ones that don’t require attackers to breach isolated networks, such as distributed denial-of-service (DDoS) attacks, which often rely on easy-to-use and widely available tools known as booters or stressers.
While these types of attacks may not lead to a shutdown of the power grid, they can still cause serious disruptions to important utilities and services.
Ransomware is also likely to hit critical infrastructure. The recent WannaCry and NotPetya attacks are a great example, and while the jury is still out on whether they are “everyday malware,” there are plenty of other known attacks that involved ransomware and caused serious disruptions in sectors such as healthcare, law enforcement and transportation.
According to Europol, DDoS was the most commonly reported attack to law enforcement in the European Union, with reports coming from more than 20% of EU countries.
“While DDoS is often a tool for extortion, the lack of communication from the attackers may suggest that these attacks were of an ideological nature,” Europol said in its report. “Although European law enforcement recorded an increasing number of these attacks last year, they also note that they only had moderate, short-lived impact.”
Attacks believed to have been carried out by advanced persistent threat (APT) actors are the second most reported type of incidents in the EU.
“While less than 20% of Member States report cases involving APTs, those that do report that these are high impact attacks, and that they are almost universally becoming more prevalent each year, a view echoed by internet security experts,” said the police agency.
The most targeted were the financial and government sectors, with many of the attacks relying on social engineering to trick individuals within victim organizations into facilitating entry.
As for the origin of threats targeting Europe’s critical infrastructure, attacks known to law enforcement have come from Russia, Africa and Asia.