Europol - Internet Organised Crime Threat Assessment 2018

Home » News » Europol - Internet Organised Crime Threat Assessment 2018

Europol has just released its fifth annual Internet Organised Crime Threat Assessment (IOCTA).

The report offers a unique law enforcement view of the emerging threats and key developments in the field of cybercrime over the last year and warns of 15 ways in which people can fall prey to cyber criminals.

We list below some of the main trends from the Europol report. A complete overview can be found in the full report on Europol’s website.

Ransomware, malware, beware!

  1. Ransomware has become a standard attack tool for cybercriminals. However, criminals are moving from random attacks to targeting companies or individuals where greater potential benefits lie.
  2. Mobile malware may grow as users shift from online to mobile banking.
  3. Cyber-attacks have become increasingly stealthy and harder to detect. Attacks using fileless malware have become a standard component of the crime-as-a-service1 industry.
  4. The GDPR legislation requires breaches to be reported within 72 hours. Criminals may try to extort breached organisations. While this is not new, it is possible that hacked companies will prefer to pay a smaller ransom to a hacker for non-disclosure than the steep fine that might be imposed by the authorities.
  5. The motive behind network intrusions is the illegal acquisition of data, for a variety of purposes, including phishing or payment fraud.
  6. DDoS attacks continue to grow and tools to launch them are easily available as a service, allowing unskilled individuals to launch significant DDoS attacks.
  7. Continued growth in the volume of social engineering attacks is expected, but as a key component of more complex cyber-attacks. West African fraudsters are likely to have a more significant role within the EU in the future, as Africa continues to have the fastest growing internet usage globally

Cryptocurrencies are no safe haven

  1. Criminals will continue to abuse cryptocurrencies. Cyber-attacks which historically targeted traditional financial instruments are now targeting businesses and users of cryptocurrencies. Cryptomining has been exploited by financially motivated cybercriminals, who for instance hack legitimate websites to cryptojack2 users visiting those sites. Such attacks are much more appealing to cybercriminals wishing to keep a low profile, requiring little or no victim engagement and, at least currently, minimal law enforcement attention (with browser-based mining not actually being illegal).  Another emerging threat is ‘true’ cryptomining malware which uses the processing power of infected machines to mine cryptocurrencies.
  2. We anticipate a more pronounced shift towards more privacy-oriented currencies. An increase in extortion demands and ransomware in these currencies will exemplify this shift.

Online child sexual exploitation

  1. Online child sexual exploitation continues to be the most disturbing aspect of cybercrime with volumes of material that were unimaginable ten years ago, partly because of the growing number of young children with access to internet-enabled devices and social media.
  2. This leads to an explosion of self-generated material. Such images are often initially produced and shared voluntarily and end up in the hands of online child sex offenders. Offenders might also obtain images through sexual extortion of minors.
  3.  Offenders continuously seek new ways to avoid detection from law enforcement, including anonymisation and encryption tools, everyday communication applications with end-to-end encryption, social media platforms or even within Bitcoin’s blockchain. Most material is still found on the surface internet, but some of the more extreme material tends to be found on hidden services that can only be accessed on the Darknet.
  4. Live streaming of child sexual abuse remains a particularly complex crime to investigate and is likely to further increase in the future. It often leaves few forensic traces and the live streamed material does not need to be downloaded or locally stored. It will most likely move to other parts of the world, where legislation and law enforcement are not always able to keep up with the rapid developments in this area. The live streaming of self-generated material is also expected to increase.

Payment card fraud

  1. Skimming is still successful as card magnetic stripes continue to be used. Instant payments may reduce detection and intervention opportunities by banks. This can potentially lead to a higher fraud rate.
  2. Telecommunications fraud represents an old but growing trend in fraud involving non-cash payments.



CyberSolace, has added a new niche capability to its portfolio of cybersecurity consulting services in the form of Crypto-Currency traceability services in Cybercrime cases.  Especially in relation to ransomware attacks and extorted funds tracing and recoverability.

Future Events

The sec4dev Conference & Bootcamp is a Vienna-based security event which targets one very specific group: people involved in software development.

From February 24-27 2020 experts will gather in the TU Wien to discuss and promote, among other things, secure coding, security testing, automation and continuous integration.

24/02/2020 to 27/02/2020

As Europe’s largest legal technology conference and exhibition, The British Legal Technology Forum 2020 will bring together the most respected professionals from both the legal and commercial technology sectors to examine and explore the systems, strategies, processes and platforms that will drive law firms and legal businesses into the next decade and beyond.