Europe is climbing the charts, but it’s not in a desirable category for EU member countries. According to a recent NTT Security report, more than half of the world’s phishing attacks now originate from the Europe, Middle East and Africa region (EMEA).
The Netherlands is ground zero for this type of attack, having suffered 38 percent of noted phishing attacks, which is second only to the U.S. The U.K. also took second spot behind the U.S. in total number of cyberattacks. So what’s the impact of this growing European invasion?
Europe: A Breeding Ground for Cyberattacks
While the distribution and origin of attack efforts has changed, methodologies remain largely the same. As noted by CBR Online, 73 percent of all cyberattacks leveraged phishing techniques to gain access, with many relying on a combination of social engineering and poor password choices to effectively breach company networks.
What’s more, 77 percent of attacks occurred across just four industries: business and professional services (28 percent), government (19 percent), health care (15 percent) and retail (15 percent), NTT Security reported. In many cases, phishing efforts acted as precursors to ransomware infections, forcing companies to choose between holding the line and risking lost data or paying up and hoping that attackers honor their word.
But something had to give. Europe’s increasing tech savvy and rising economic clout made it the ideal place for cybercriminals to develop new techniques, improve old threat vectors and launch a new wave of cyberattacks against targets worldwide.
A Potentially New Landscape
As noted above, both the Netherlands and the U.K. feature prominently in the new threat landscape. But what sets these nations apart from their European neighbors?
“Particular areas of the EMEA, and especially the Netherlands, are known for having internet networks that are fast and reliable,” Dave Polton of NTT Security told SecurityWeek. Add in the extremely busy Amsterdam Internet Exchange (AMS-IX), and it’s the perfect place for cybercriminals looking to develop, test and deploy new phishing attacks.
Meanwhile, in the U.K., just 31 percent of businesses listed cybersecurity as a “very high” priority, and a “sizable proportion” of companies lack basic information security protections, Forbes noted. The gap between necessary cybersecurity protections and the current technology landscape makes the rise of cyberattacks inevitable. It has also helped push the U.K. into second place behind the U.S. for total attacks launched.
The nation has rolled out new cyber legislation in the form of the Investigatory Powers Act, which compels communication service providers (CSPs) to retain customer internet connection records for one year and allows law enforcement agencies to see these records without a warrant. However, security experts such as Sean Sullivan of F-Secure argued in SecurityWeek that these new powers will “be useful in a reactive way, to investigate after the fact. I do not think they will prevent.”
Last Line of Defense
The Netherlands and the U.K. are now leading the charge in both overseas phishing attacks and total attack volume. It’s not good news for security firms or enterprises, but it’s necessary knowledge. Understanding the scope of new threats is the only hope of holding the line and putting preventative measures in place.