Cybercrime is continuing to mature and becoming more and more bold. It’s shifting its focus to larger and more profitable targets as well as new technologies. Data is the key element in cybercrime, from a crime and an investigation perspective. That’s according to Europol’s sixth annual Internet Organised Crime Threat Assessment (IOCTA).
Catherine de Bolle, executive director of Europol, says in a foreword: “As criminals adapt, law enforcement and legislators must also innovate to stay ahead, and seek to capitalise on new and developing technologies. This in turn requires training to produce the specialised capabilities required to investigate technically challenging or complex cybercrimes, such as those involving the abuse of cryptocurrencies or the dark web.”
Ransomware remains the top cybercrime threat in 2019. Even though law enforcement has witnessed a decline in the overall volume of ransomware attacks, those that do take place are more targeted, more profitable and cause greater economic damage. As long as ransomware provides relatively easy income for cybercriminals and continues to cause significant damage and financial losses, it is likely to remain the top cybercrime threat, say police.
The 63-page document makes the point that criminals only innovate their criminal behaviour when existing modi operandi have become unsuccessful or more profitable opportunities emerge. New threats do not only arise from new technologies but often come from known vulnerabilities in existing technologies that remain unpatched for a long time. Law enforcement must not only focus on the potential impact of technological developments in cybercrime, such as artificial intelligence but also approach cybercrime in a holistic sense, including prevention, awareness and increasing cyber education and resilience, say police.
As more and more companies outsource areas of their business, such as moving more infrastructure to third-party cloud services, Europol expects to see a growth in supply chain attacks, and the evolution of such attacks to become increasingly complex. The report adds: “This develops a clear interdependency between organisations and leads to the necessity of having a higher level of cybersecurity across the spectrum to ensure the minimisation of successful cybercrime attacks.”
The report says that many private sector companies ‘now fear not only ‘conventional’ ransomware attacks, but also destructive cyber-attacks; acts of sabotage’.
As for ‘cross cutting crime factors’, phishing remains an important tool in the arsenal of cybercriminals for both cyber-dependent crime and non-cash payment
fraud (NCPF). And while cryptocurrencies continue to facilitate cybercrime, hackers and fraudsters now routinely target crypto-assets and enterprises.
The IOCTA was presented at the Europol-INTERPOL Cybercrime Conference at Europol’s headquarters, in The Hague.
