Cybercrime: Ransomware, CEO Fraud Still Going StrongCybercrime Services Support Child Exploitation and Terrorism, Europol Warns
Drawn by the promise of faster, less expensive and more effective crime-committing capabilities - with lower risk - and backed by the easy availability of "as a service" offerings, more criminals than ever have been operating online.
See Also: Ransomware Recovery in the 'New Normal'
That's one takeaway from the Internet Organized Crime Assessment for 2016, which finds - perhaps unsurprisingly - that there's more online crime than ever.
The new report, from the EU's law enforcement intelligence agency, Europol, notes that online criminality ranges from ransomware and cyber extortion to distributed denial-of-service attacks and the criminal abuse of internet of things devices.
And in some European countries, online crime reports now appear to have surpassed conventional crime reports, Europol says.
"Effectively, criminals are simply swapping conventional crime for cybercrime," says University of Surrey computer science professor Alan Woodward, a Europol cybersecurity adviser who is co-author of the new report. "Why walk into a bank with sawed-off shotgun when you can phish for money?"
Criminals continue to innovate. Examples cited in the report include malware attacks against ATMs, compromising payments using contactless payment cards based on near-field communications as well as attacks involving the SWIFT interbank messaging system.
Woodward says there's been "a notable reuse of old tricks as well," including malware, ransomware and spear-phishing attacks. As the report notes: "The overall quality and authenticity of phishing campaigns has increased," and attacks increasingly target "high value targets" inside organizations.
"It's not a surprise, but criminals have worked out that 'CxO' levels are really good targets for phishing attacks," Woodward says.
8 Cybercrime Trends
The report calls out eight cyberattack, online child sexual exploitation and payment fraud trends:
- Card-present fraud: The report notes that EMV - chip and PIN - as well as other anti-fraud measures such as geoblocking "continue to erode card-present fraud within the EU, forcing criminals to migrate cash-out operations to other regions."
- Crime-as-a-service model: The broad range and easy availability of tools suits multiple uses. As a result, "the boundaries between cybercriminals, advanced persistent threat style actors and other groups continue to blur."
- Cryptocurrency: Tough-to-trace bitcoins, in particular, continue to be favored for paying for cybercrime services or extorting victims.
- Darknet abuse: Criminals have long favored darknet or "deep web" forums. But backed by peer-to-peer communications and platforms that are end-to-end encrypted, a growing number of darknet forums are devoted not just to buying and selling cybercrime services, but also to exchanging child sexual exploitation material, including "live-distant child abuse."
- DDoS: Distributed denial-of-service attacks "continue to grow in intensity and complexity, with many attacks blending network and application layer attacks," driven, in part, by the ease and affordability of stresser/booter services.
- Encryption: Criminals are abusing legitimate anonymity and crypto services and tools, complicating law enforcement investigations.
- Exfiltration: While many attackers continue to focus on stealing financial information, "there is a growing trend in the compromise of other data types, such as medical or other sensitive data or intellectual property."
- Social engineering: Phishing attacks continue to proliferate, as does the refined form of phishing known as CEO fraud.
Breach Victims: Look Within
In what may come as a blow to organizations whose breach notification boilerplate emphasizes the sophistication of the hack that breached their network, Europol's report says that the opposite is far more true.
"It should be noted that the majority of reported attacks are neither sophisticated nor advanced," the report says. "While it is true that in some areas cybercriminals demonstrate a high degree of sophistication in the tools, tactics and processes they employ, many forms of attacks work because of a lack of digital hygiene, a lack of security by design and a lack of user awareness."
One law enforcement concern is that the widely available and effective cybercrime tools will be increasingly adopted by violent extremists. "The thriving of the as-a-service industry in the digital underground provides easy access to criminal products and services that can be used by anyone, from technically savvy individuals to non-technically skilled terrorists," the report says.
Europol's EU Internet Referral Unit was launched in 2015 to combat online terrorist propaganda and violent extremist activities online. In its first year, the unit flagged to service providers 11,000 messages across some 31 online platforms in eight languages and also assisted with 44 investigations across the EU.
To date, Europol says, most terrorist operations appear to have been planned using relatively unsophisticated tools. But there's nothing to stop violent extremists from making use of bitcoins or on-demand crypto services.
As Europol Director Rob Wainwright notes in a statement: "The growing misuse of legitimate anonymity and encryption services for illegal purposes remain a serious impediment to the detection, investigation and prosecution of criminals."
Sharing Intelligence Remains Key
Many countries have been devoting more resources in an attempt to more quickly spot online violent extremist activities. "Different countries are taking very different approaches," Woodward says. "The key will be intelligence sharing."
That goes for cybercrime investigations as well, because criminals continue to operate across borders. As a result, in recent years, Europol has focused many of its efforts on fostering cross-border intelligence and cooperation, for example via its European Cybercrime Center, or EC3.
Steven Wilson, who heads EC3, notes that private/public partnerships also remain key. "Partnerships between industry and law enforcement have improved significantly, leading to the disruption or arrest of many major cybercriminal syndicates and high-profile individuals associated with child abuse, cyber intrusions and payment card fraud, and to innovative new prevention programs such as the 'no more ransom' campaign," he says in a statement (see 'No More Ransom' Portal Offers Respite From Ransomware).
But with Britain set to negotiate its exit from the European Union - via "Brexit" - the fate of these intelligence-sharing efforts are now in question. The current heads of both Europol and EC3, for example, are British.
Post-Brexit, however, the EU may no longer give Britain full access to Europol because it's an EU agency.