Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants.

Europol report highlights latest cybercrime threats

Cyber threats have multiplied and fragmented over the past year, with ransomware groups increasingly targeting small and medium-sized businesses because their defences are weaker. Millions of victims across the EU were attacked and exploited online every day in 2023, Europol said. Victims were targeted through phishing campaigns, business email compromise (BEC), investment and romance fraud. The findings come from Europol’s latest Internet Organised Crime Threat Assessment (IOCTA) report.

Multi-layered extortion tactics are increasingly common, with stolen data at risk of being published and auctioned. Europol said this means people can fall victim to cybercrime multiple times. It found that many ransomware operations splintered partly because police forces had broken up larger gangs. Law enforcement actions against dark web marketplaces also shortened the lifecycle of criminal sites, Europol said. Help Net Security’s account of the findings led with those successes against crime groups.

Inevitably, AI featured as a cybercrime risk this year. Europol noted that the technology is lowering the barrier to entry for criminals, with some offenders seeming to be underage. The technology is also used to create child exploitation material, the agency warned. The full report is free to download.

Data protection and privacy newsround: AI Act’s reach and very personal data

Six years after the EU GDPR came into force, only 15 per cent of businesses in Ireland say they’re fully compliant with the regulation. That’s despite 82 per cent feeling that the risks linked to GDPR non-compliance are rising, and 59 per cent being worried about possible fines for non-compliance. Six out of 10 are concerned about the impact of forthcoming rules like DORA, the AI Act, the Data Governance Act, NIS2 and others. The data comes from a survey of 106 organisations in Ireland by Ipsos B&A for Forvis Mazars and McCann Fitzgerald. It found that 58 per cent of firms describe themselves as “materially compliant”, and 25 per cent were “somewhat compliant”. Over 80 per cent of businesses say they plan to improve their compliance. And here’s a reminder that the European Data Protection Board has a free tool to check websites for GDPR compliance.

Speaking of playing by the rules, AI tools look set to be a battleground with privacy regulators. Already this summer, Ireland’s Data Protection Commission took X (formerly Twitter) to court to stop it from using European users’ personal data to train its AI chatbot called Grok. Other tech companies like Meta are claiming an uncertain regulatory environment as the reason for not launching AI products. Expect more back-and-forth on this issue over the coming months.

In other privacy news, Wired has a great story about a former Google engineer who has created a way to search for privacy violations that collect and track people’s personal information without permission. And staying with Google, the company has shelved plans to ban cookies on its Chrome browser. Instead, it will offer consumers the option to accept the trackers or not.

Death by ransomware?

Prophets of doom in cybersecurity have warned for some time that security incidents would lead to fatalities. Now, are their warnings coming true? A white paper from the University of Minnesota, Hacked to Pieces, found that ransomware increases in-hospital mortality for patients. That finding comes with some heavy caveats, though: natural disasters and pandemics also lead to similar rises in deaths. And the figures refer to patients who were already admitted before the ransomware hit. So a statement like ‘ransomware causes deaths’ is still a big stretch. (Not that that’s ever stopped people.)

What’s not in doubt is that ransomware groups see the health sector as an easy target. In June, UK pathology services company Synnovis was hit with ransomware, which disrupted frontline care in several UK hospitals. Meanwhile, the non-profit Michigan group McLaren Health Care was hit with ransomware for the second time in two years. With revenues of more than €6.5 billion, it’s not hard to see why it’s an attractive target for criminals. McLaren’s 2023 breach led to the disclosure of records involving 2.2 million people. When European Commission President Ursula von der Leyen was campaigning for a second term, she promised a cybersecurity action plan for hospitals and healthcare groups.

Links we liked

“We don’t need more security products, we need more secure products.”

Ireland has published its National Cyber Emergency Plan.

How resilient are Europe’s telecoms and power sectors to cyber incidents?

The Irish domain registry asks if Ireland is ready for EU cyber regulations.

Windows Security best practices for integrating and managing security tools.

Wired shows how infostealers are grabbing passwords from everywhere.

This briefing paper assesses AI’s impact on malicious software.

The shipping news: maritime industry sees rise in cyber attacks.

Email scams cost Irish businesses nearly €10 million in 2023.

An unexpected AI hot take: “Too much spend, too little benefit.”


About the Author: admin
