New report of the BKI
Cybercrime – 3 current threats you should be ready for!
The cyber world is evolving rapidly. While this trend brings many positive aspects, potential dangers must not be overlooked: A lot has changed in the last year, especially regarding cybercrime.
As part of the efforts to curb growing cybercrime, the Austrian Federal Criminal Police Office publishes an annual Cybercrime Report. This report analyzes information from the Cybercrime Competence Center, such as advertisements, notifications, studies, and more. This article gives you a brief overview of the most important developments and what you need to pay special attention to.
Here you can see the whole report.
Ransomware has been around for a long time and most people know how it works: Criminals take over assets, in the case of cybercrime mostly essential data, and demand a ransom for the release of this data. But in this case, too, criminals have developed new concepts to put even more pressure on their victims: Instead of simply "encrypting" the data, the data is copied by the attackers and threats are made to pass it on to the public or to competitors. This type of extortion poses a much more serious threat than the traditional method of ransomware.
For this reason, it is more important than ever to rely on a consistent and effective data protection and information security management system. This is possible, for example, by implementing international standards such as ISO 27701 (data protection), ISO 27001 (information security) or ISO 27018 (data protection for cloud services).
This particular type of DDoS attack combines various forms of cybercrime. Here, DDoS (Distributed Denial of Service) attacks are used to make ransom demands. Cybercriminals usually use one of two methods: either a DDoS attack is carried out first, after which a ransom demand is made, or a ransom is demanded under the threat of a DDoS attack. In the latter case it might, of course, be an empty threat, but not responding is still risky. The best way to protect your company from such threats is to have comprehensive protection against DDoS and other cyber attacks. Here, too, management systems can provide support.
Crime as a Service
"Crime as a Service" (CaaS) poses another major threat to organizations. According to the BKI's Cybercrime Report, this branch of cybercrime has continued to grow, and with it the risk for companies of becoming the victim of such an attack. Since "Crime as a Service" offers tailor-made products for dubious customers, the extent is difficult to estimate in advance: from DDoS attacks to data theft or attacks with spam emails and other attack methods, organizations today must be prepared. That's why proactive protection measures and a Business Continuity Management System according to ISO 22301, which deals with the rapid restoration of operations in the event of an emergency, are essential for companies that want to survive in the cyber world.
"The threats posed by all areas of cybercrime are growing year after year. For this reason, it is imperative for companies to implement structured and systematic processes, install security systems and take countermeasures. The implementation of internationally recognized, audited and field-tested standards such as ISO 27001, ISO 27701 or ISO 27017 is ideal for this purpose. They strengthen cyber risk management and communicate to customers and partners that their data security is taken seriously.",
according to Harald Erkinger, CEO of CIS.