Europe's Internet Organised Crime Threat Assessment 2018
Cyber experts from law enforcement, the private sector and academia have gathered in Singapore this week to devise strategies for promoting the global cybersecurity agenda.
Although cybercrime continues to be a major threat to the EU, last year again saw some remarkable law enforcement success says Europol (Image: Michal Bednarek/123rf)
ith cybercriminals using increasingly sophisticated methods and technologies to carry out their illicit activities, the Sixth Interpol-Europol Cybercrime Conference is focusing on the most pressing cyber threats today and in the future, from attacks against the financial and government sectors and the rise of ‘cybercrime as a service’ to denial of service attacks and business e-mail compromise scams.
Under the theme of ‘Globalised efforts to tackle cybercrime’, the three-day conference (September 18 – 20) will look at ways in which stakeholders from all sectors can combine their expertise to make the Internet a more secure environment. Key areas of discussion will include developing actionable cyber threat intelligence, identifying cybercriminals through their online behaviour, defining the role of digital forensics, implementing national and regional legislations to tackle cybercrime, and crisis response planning.
Following the 2017 conference, Interpol and Europol have made notable progress in addressing the key identified areas of ransomware, the criminal abuse of the Darknet, and the implementation of a proactive approach to increase public awareness of online safety. In this respect, the two organisations have discussed the need for a strategy to combat the illegal Darknet economy through information sharing, operational support, training and awareness raising.
Steven Wilson, Head of the European Cybercrime Centre (EC3), said: “2018 has seen greater law enforcement success in fighting cybercrime on a global basis and increased public awareness of the threat, but cybercriminals are becoming smarter and more targeted in their approach and presenting an ever-increasing threat.”
Several high-level delegates are attending the conference, including the European Union (EU) Ambassador to Singapore, Barbara Plinkert. In recent months, the EU has been working towards implementing a new EU Cybersecurity Crisis Response Framework, allowing authorities to react quickly, operationally and in unison in the event of a major cross-border cyber attack. The EU Law Enforcement Emergency Response Protocol, the police contribution to the crisis management structure, was presented during the event in Singapore.
Internet Organised Crime Threat Assessment
On the first day of the conference Europol published its fifth annual Internet Organised Crime Threat Assessment (IOCTA). The report offers a law enforcement view of the emerging threats and key developments in the field of cybercrime over the last year. It describes anticipated future threats and provides recommendations to law enforcement authorities in Europe to deal with these challenges.
In the introduction, Catherine De Bolle, Executive Director of Europol, notes: “The report also brings to our attention previously underestimated threats, such as telecommunication frauds, demonstrating the necessity for law enforcement to constantly adapt and develop and the need for continued training in all aspects of cybercrime.
“While some cyber attacks continue to grab headlines with their magnitude, other areas of cybercrime are no less of a threat or concern,” she adds. “Payment fraud continues to emphasise significant financial losses, criminal gains and the facilitation of other crime; while online child sexual exploitation epitomises the worst aspects of the Internet and highlights the ever present danger to our children from those who would seek to exploit or abuse them.”
This year’s IOCTA also describes a number of key legislative and technological developments, such as the introduction of the General Data Protection Regulation (GDPR), the Network and Information Security (NIS) directive and 5G technology. “While these developments are positive, all will in some way impact on our ability as law enforcement officers to effectively investigate cybercrime,” says De Bolle. “This emphasises the need for law enforcement to engage with policymakers, legislators and industry, in order to have a voice in how our society develops.”
The IOCTA highlights the challenges associated with the fight against cybercrime, both from a law enforcement and a private sector perspective.
Among its findings are that ransomware is still overtaking banking Trojans in financially-motivated malware attacks; and this is a trend anticipated to continue. “In addition to attacks by financially motivated criminals, significant public reporting increasingly attributes global cyber attacks to the actions of nation states,” notes the IOCTA.
Cybercriminals are becoming smarter and more targeted in their approach (image: Jozsef Bagota/123rf)
Mobile malware has not been extensively reported in 2017, but this has been identified as an anticipated future threat for private and public entities alike.
Illegal acquisition of data following data breaches is a “prominent threat” according to the IOCTA, which explains that criminals often use this data to facilitate further criminal activity. It notes: “In 2017, the biggest data breach concerned Equifax, affecting more than 100 million credit users worldwide,” adding: “With the EU GDPR coming into effect in May 2018, the reporting of data breaches is now a legal requirement across the EU, bringing with it hefty fines and new threats and challenges.”
The IOCTA also finds that Distributed-Denial-of-Service (DDoS) continues to plague public and private organisations: “Such attacks are used not only for financial gains, but also for ideological, political or purely malicious reason.”
The amount of detected online Child Sexual Exploitation Material (CSEM), including Self-Generated Explicit Material (SGEM), continues to increase. “Although most CSEM is still shared through P2P platforms, more extreme material is increasingly found on the Darknet,” says the report. Live Distant Child Abuse (LDCA), facilitated by growing internet connectivity worldwide, continues to be a particularly complex form of online CSE to investigate due to the technologies and jurisdictions involved.
As increasing numbers of young children have access to internet and social media platforms, the risk of online sexual coercion and extortion continues to rise, the IOCTA predicts: “The popularity of social media applications with embedded streaming possibilities has resulted in a strong increase in the amount of SGEM live streamed on these platforms.”
Other findings include the fact that card-not-present fraud remains a common issue, although it is decreasing as a result of geoblocking measures. “Toll fraud has received a considerable amount of attention this year, with criminal groups using counterfeit fuel and credit/debit cards to avoid paying toll fees,” according to the IOCTA. Many Member States also reported an increase in the creation of fake companies to access and abuse Points of Sale, as well as profit from compromised information. “Meanwhile, CNP fraud continues to be a key threat for EU Member States, with the transport and retail sectors highlighted as key targets within the EU,” it warns.
Previous IOCTAs indicated that criminals are increasingly abusing cryptocurrencies for funding criminal activities. “While Bitcoin has lost its majority of the overall cryptocurrency market share, it still remains the primary cryptocurrency encountered by law enforcement. In a trend mirroring attacks on banks and their customers, cryptocurrency users and facilitators have become victim of cybercrimes themselves.” Currency exchangers, mining services and other wallet holders are facing hacking attempts as well as extortion of personal data and theft.
The IOCTA highlights Cryptojacking as an emerging cybercrime trend. This refers to the exploitation of internet users’ bandwidth and processing power to mine cryptocurrencies.
The significance of social engineering for cyber-dependent and cyber-enabled crime continues to grow and phishing remains the most frequent form of social engineering. “Criminals use social engineering to achieve a range of goals: to obtain personal data, hijack accounts, steal identities, initiate illegitimate payments, or convince the victim to proceed with other activities, such as transferring money or sharing personal data,” explains the IOCTA.
In 2017, law enforcement agencies shut down three of the largest Darknet markets: AlphaBay, Hansa and RAMP. These takedowns prompted the migration of users towards existing or newly established markets, or to other platforms entirely, such as encrypted communications apps.
Although cybercrime continues to be a major threat to the EU, last year again saw some remarkable law enforcement success says the IOCTA: “Co-operation between law enforcement agencies, private industry, the financial sector and academia is a key element of this success.”
Among the other topics covered is the serious issue of how cyber and terrorism are converging. The IOCTA notes that: “The Islamic State’s (IS) loss of territory from 2016 to 2017 did not equate to a loss of authority among its followers or a manifest decrease in its ability to inspire attacks. Instead, the group continues to use the Internet to promote its doctrine and inspire acts of terrorism.”
The full report can be downloaded here