Europol - Internet Organised Crime Threat Assessment 2018

Europol has just released its fifth annual Internet Organised Crime Threat Assessment (IOCTA).

The report offers a unique law enforcement view of the emerging threats and key developments in the field of cybercrime over the last year and warns of 15 ways in which people can fall prey to cyber criminals.

We list below some of the main trends from the Europol report. A complete overview can be found in the full report on Europol’s website.

Ransomware, malware, beware!

  1. Ransomware has become a standard attack tool for cybercriminals. However, criminals are moving from random attacks to targeting companies or individuals where greater potential benefits lie.
  2. Mobile malware may grow as users shift from online to mobile banking.
  3. Cyber-attacks have become increasingly stealthy and harder to detect. Attacks using fileless malware have become a standard component of the crime-as-a-service1 industry.
  4. The GDPR legislation requires breaches to be reported within 72 hours. Criminals may try to extort breached organisations. While this is not new, it is possible that hacked companies will prefer to pay a smaller ransom to a hacker for non-disclosure than the steep fine that might be imposed by the authorities.
  5. The motive behind network intrusions is the illegal acquisition of data, for a variety of purposes, including phishing or payment fraud.
  6. DDoS attacks continue to grow and tools to launch them are easily available as a service, allowing unskilled individuals to launch significant DDoS attacks.
  7. Continued growth in the volume of social engineering attacks is expected, but as a key component of more complex cyber-attacks. West African fraudsters are likely to have a more significant role within the EU in the future, as Africa continues to have the fastest growing internet usage globally

Cryptocurrencies are no safe haven

  1. Criminals will continue to abuse cryptocurrencies. Cyber-attacks which historically targeted traditional financial instruments are now targeting businesses and users of cryptocurrencies. Cryptomining has been exploited by financially motivated cybercriminals, who for instance hack legitimate websites to cryptojack2 users visiting those sites. Such attacks are much more appealing to cybercriminals wishing to keep a low profile, requiring little or no victim engagement and, at least currently, minimal law enforcement attention (with browser-based mining not actually being illegal).  Another emerging threat is ‘true’ cryptomining malware which uses the processing power of infected machines to mine cryptocurrencies.
  2. We anticipate a more pronounced shift towards more privacy-oriented currencies. An increase in extortion demands and ransomware in these currencies will exemplify this shift.

Online child sexual exploitation

  1. Online child sexual exploitation continues to be the most disturbing aspect of cybercrime with volumes of material that were unimaginable ten years ago, partly because of the growing number of young children with access to internet-enabled devices and social media.
  2. This leads to an explosion of self-generated material. Such images are often initially produced and shared voluntarily and end up in the hands of online child sex offenders. Offenders might also obtain images through sexual extortion of minors.
  3.  Offenders continuously seek new ways to avoid detection from law enforcement, including anonymisation and encryption tools, everyday communication applications with end-to-end encryption, social media platforms or even within Bitcoin’s blockchain. Most material is still found on the surface internet, but some of the more extreme material tends to be found on hidden services that can only be accessed on the Darknet.
  4. Live streaming of child sexual abuse remains a particularly complex crime to investigate and is likely to further increase in the future. It often leaves few forensic traces and the live streamed material does not need to be downloaded or locally stored. It will most likely move to other parts of the world, where legislation and law enforcement are not always able to keep up with the rapid developments in this area. The live streaming of self-generated material is also expected to increase.

Payment card fraud

  1. Skimming is still successful as card magnetic stripes continue to be used. Instant payments may reduce detection and intervention opportunities by banks. This can potentially lead to a higher fraud rate.
  2. Telecommunications fraud represents an old but growing trend in fraud involving non-cash payments.

Source: www.europol.europa.eu

News

Supporting Specialised Skills Development: Big Data, Internet of Things and Cybersecurity for SMEs

Digitisation is a hot topic and impacts everyone. Did you encounter a security incident lately? Are you aware of the potential of big data, but unsure how and where to start applying it? Do you produce or use Internet of Things (IoT) sensors and networks? Are you already using one of these technologies, but are you facing skills challenges? Or do you work closely together with SMEs?
Then you are invited to participate in this survey!

With your participation, you can help to gain insight in:

Events

25/10/2018
Cloudia IT Academy 2018 - CyberSec Day

On October 25th the IT ACADEMY is dedicating a whole day to the topic of Cyber ​​Security with the fourth edition of CyberSec Day.

The event is gathering cybersecurity experts giving valuable insights on the fast evolving cybersecurity landscape; over the last years companies have been subject to increasingly sophisticated cyber attacks: they have had to evolve their approach to cybersecurity over time and today face the challenge of how to keep it aligned with the business strategy.

01/11/2018 to 10/11/2018
6th European Cyber Security Conference - 8th November 2018 - Brussels (Belgium)

The European Cyber Security Conference (organised by Forum Europe) provides a platform for key policymakers and stakeholders to discuss and debate the most pertinent issues affecting the security and safety of the digital space.