GDPR-based extortion could be the next cybercrime trend

Could the threat of reporting a company for GDPR noncompliance be a new revenue stream for cybercriminals?

Ransomware is so 2017. The popularity of cryptojacking malware ebbs and flows depending on the price of the currencies they mine. Even DDoS attacks are flat after a memcache-based spike earlier in the year. A new report from Malwarebytes said the last few months have been a “slow quarter” due to a “lull” in cybercrime activity.

But now that the World Cup is over and criminals are going back to work, could the recently-enacted General Data Protection Regulation (GDPR) offer up new potential scareware revenue streams?

With many companies yet to achieve full compliance the EU’s GDPR and the threat of large fines looming, some cyber-experts predict criminals could earn money in exchange for their silence. 

 

GDPR extortion campaigns could be on the horizon

GDPR came into force on 25th May 2018. In the run-up to the new regulations going into force, phishing emails pretending to be from the likes of Apple, Airbnb, and Natwest hoovered up details of customers clicking through to fake links, proving that criminals are well aware of the new legislation.

But now that the regulations have come into force and most consumers have largely forgotten about GDPR (if they ever cared in the first place), the opportunity is ripe to move onto businesses who will be all too aware of the risks.

To continue reading this article register now