Referring to the rate of its growth and sophistication, Director of Europol Robert Wainwright says cybercrime is becoming a “remorseless” force of nature behind the 4,000 ransomware attacks a day. A force, he noted, that is becoming ever more technologically sophisticated — and thus an ever-larger threat to critical parts of the financial sector.
Criminals on the web, Wainwright says, are no longer lone wolves operating alone — in many cases they are building highly specialized “conglomerations” with organized corporate structures designed to make carrying out attacks on legitimate business more friction-free. Last year, police authorities in several countries arrested a host of criminals groups that had created a “service-based economy” for the rest of the criminal market, such as providing ways to launder money or sell drugs online.
“What really concerns me is the sophistication of the capability, which is becoming good enough to really threaten parts of our critical infrastructure, certainly in the financial, banking sector,” he told Reuters.
And the systems, he noted before alluding to the WannaCry attacks over the summer, are only getting more effective. WannaCry, Wainwright said, changed the dynamic of such attacks by making the attacks bigger, deeper and more extortion-oriented. Why steal by hacking when you can use your hacking skills to get someone to just give you their funds?
“The real threat comes from a sort of exponential, remorseless increase in the scale and significance of cybercriminal capability,” Wainwright said on the sidelines of the Web Summit technology conference in Lisbon.
He further observed that there “seems to be a doubling, or tripling, of one kind of threat or another, in terms of scale.”
The problem, he noted, is that unlike other criminals, cyber criminals can do all their work “in their bedrooms,” making it difficult to find them.
“There is this sort of cybercriminal underworld that’s a lot bigger and smarter and adept than most people think,” Wainwright said. “And, against it, we still have generally low cybersecurity standards.”