The 2018 Internet Organised Crime Threat Assessment (IOCTA), by the European Union policing agency Europol, reports that ransomware remains the key malware threat.
The 72-page report suggests that the new GDPR (General Data Protection Regulation) and the lesser-known Network and Information Security (NIS) directive, also relating to data breaches, will likely lead to greater reporting of breaches to law enforcement and increasing cases of cyber-extortion.
This fifth edition of the report, was the first for Catherine De Bolle, as Executive Director of Europol. She said: “While some cyber-attacks continue to grab headlines with their magnitude, other areas of cybercrime are no less of a threat or concern. Payment fraud continues to emphasise significant financial losses, criminal gains and the facilitation of other crime; while online child sexual exploitation epitomises the worst aspects of the internet and highlights the ever present danger to our children from those who would seek to exploit or abuse them.”
As for payment fraud, the report warns that the threat from skimming continues and shall do as long as payment cards with magnetic stripes continue to be used. The abuse of PoS terminals is taking on new forms: from manipulation of devices to the fraudulent acquisition of new terminals. And as for online markets of cybercrime toolkits or fake documents or banknotes, even firearms and explosives, Europol sees more, smaller vendor shops; and secondary markets catering to specific language groups or nationalities. Most illicit trade however still occurs on the surface web. The nature of the counterfeit commodity is reflected in which market it is sold. Counterfeit goods such as clothing, pharmaceuticals, electronics, or jewellery, sold wittingly or unwittingly, will typically be found on the surface web where they can reach the maximum customer base.
Many social engineering scams targeting EU citizens are carried out by West African organised crime groups. West African fraudsters have evolved to adopt emerging techniques, including those with more sophisticated, technical aspects, such as business email compromise. Technical support scams, (often referred to as Microsoft support scams), advance fee fraud and romance scams still feature prominently in law enforcement reporting.
Comments
Javvad Malik, security advocate at AlienVault, said: “The report is a good roundup and validation of a lot of findings we and others in the industry have been seeing in terms of overall trends. Collaboration appears to be one of the biggest and most prominent take-aways. Being able to establish trustworthy channels to collaborate and share information and intelligence is vital. Notable by its omission, there is no mention of the role of bots by organised crime and state to push agendas and misinformation, even though there are increasing industry studies that points to these as being tools in the arsenal of attackers.”
And High-Tech Bridge CEO Ilia Kolochenko said: “The global threat landscape has not faced any revolutionary changes for a while. Even if some attacking techniques replace others, most of them have been known for a long time already. Obviously, one can notice a clear shift in vulnerability exploitation, data exfiltration and security mechanism bypass techniques. But these “operational” changes are mostly caused by growing prevalence of mobile and cloud technologies amid the victims. The rising predominance of crypto-miners is quite predictable, as millions of previously “worthless” devices (e.g. unpatched routers), can now bring some riskless profit to the attackers.
“Sophistication of the malware and attacks will, however, likely be a key trend in the upcoming years. Users become more and more paranoid, and banal spam campaigns will hardly bring any profit to cybercriminals. Therefore, they become more creative, insidious and perfidious. We will probably see an increasing attacks on trusted third parties (e.g suppliers) to get into the large organisations.”
For the report visit the Europol website.
