Spam campaigns are all but dead. But lucrative targeted low-risk, high-yield cyber-attacks have risen to take their place, according to the European Union law enforcement agency Europol.
The whole idea behind spam campaigns was to send mails containing malicious attachments or links to millions of email addresses at once, hoping a fraction of a percent of them would become victims. But, why do that, when you can make more money targeting specific businesses or governments to pay you, or – better yet – to use their machines to work for you?
This is the reality painted by Europol’s latest Internet Organized Crime Threat Assessment 2018 report. According to their findings:
- Phishing continues to increase and remains the primary form of social engineering
- Europol expects ransomware attacks to become more targeted over time
- Cryptojacking is expected to become a regular, low-risk revenue stream for cybercriminals, and may overtake ransomware as the number one threat
- The use of Remote Access Trojans (RATs) are still a danger in campaigns used against businesses and governments, despite a decline in use
According to the report, “As we have seen with other cyberattacks, as criminals become more adept and the tools more sophisticated yet easier to obtain, fewer attacks are directed towards citizens and more towards small businesses and larger targets, where greater potential profits lie.”
It's simple math, despite the mass numbers of emails used in spam campaigns, cybercriminals are finding targeted attacks to be more lucrative.
With phishing being the primary attack vector, organizations need to shore up security, educating users with Security Awareness Training to teach them how to spot a phishing attack, attempts to install malicious software, and potentially weaponized websites – and how to respond to avoid becoming a victim.
Your users are quickly becoming the target; it’s time to take steps now before an attack occurs.