Last October Europol released their annual Internet Organised Crime Threat Assessment about the cybercrime landscape. Independent parties and industry experts have digested the information and are now providing feedback and additional insight on the data provided in the report. A related article, Europol Report on Organized Cybercrime Highlights Crypto Ransomware As Top Threat, outlines key takes and comments on the fact that technologies, such as encryption, carry with them new types of risk. In the article Raphael Reich, Vice President of CyCognito, comments on why ransomware is on the rise and he states:
“Many organizations are unintentionally opening themselves to attacks on their sensitive
data via exposed pathways in their IT ecosystems. They are unaware of these entry points
because they have not fully mapped their attack surface.
They don’t know where they have exposed servers, applications and other IT assets, and they
also don’t know when and where their third-party vendors, partners or subsidiaries leave
systems, applications and infrastructure exposed. This all creates shadow risk.”
The report’s Executive Summary states, “New threats do not only arise from new technologies but, as is often demonstrated, come from known vulnerabilities in existing technologies.”1 At CyCognito we agree. The challenge we see consistently though is that organizations are blind to many of their existing technologies and assets, and therefore the attack vectors and vulnerabilities they harbor. That’s why we strongly advocate for organizations to map their attack surface the way attackers would, so they can discover those blind spots and eliminate their shadow risk.
 Internet Organised Crime Threat Assessment, Page 8:
CyCognito research staff analyzed data aggregated from hundreds of organizations to identify the top-level shadow risk trends that businesses with modern IT ecosystems face. The results reveal that organizations have a significant number of security blind spots, and those are often a by-product of interconnectivity with partners, cloud service providers and an organization’s own subsidiaries, as well as the fact that legacy security assessment solutions do not identify these blind spots.
The CyCognito platform gathers data using a nation-state-scale botnet that continuously analyzes every internet-exposed IT asset – approximately 3.5 billion in total – and fingerprints them by looking at things as diverse as their visual elements (e.g., logos and icons), keywords and code fragments, and what software is deployed on the assets, among other identifiers. The platform uses a graph data model to represent the relationships between assets and classify the business purpose of assets.