As society has grown more dependent on technology, criminals have likewise come to depend on technology to commit crimes.
In its 2019 Internet Organised Crime Threat Assessment Report (“the Report”), Europol’s European Cybercrime Centre (EC3) defines cyber-dependent crime as “any crime that can only be committed using computers, computer networks or other forms of information communication technology (ICT).”
The Report reveals the top European cybercrime threats, key trends and areas for law enforcement improvement.
Ransomware has represented the top cyber threat in Europe for some time now, maintaining this position in the 2019 report despite a decrease in the total number of ransomware attacks throughout 2018.
One reason for this may be a shift to more targeted and lucrative attacks against businesses as opposed to random individuals. There are cases where a company’s encrypted files have been ransomed for over EUR 1 million.
The primary methods used by malicious cyber actors to compromise networks include:
- Social engineering and highly targeted phishing emails (spear-phishing)
- The abuse of vulnerable Remote Desktop Protocol (RDP) services – either through hacking or by buying access to the network through a criminal forum
Another key development is that in addition to typical ransomware attacks where paying a ‘ransom’ may result in the release of the data, there has been an increase in destructive cyber acts of sabotage, designed to cause permanent destruction of the victim’s data. An example of this is the ‘GermanWiper’ malware which surfaced in 2019.
Data compromise refers to the illegal acquisition of financial or personal data through means such as malware or phishing. After ransomware, the compromise of data represents the second most prominent cyber threat in Europe.
This data may be used directly to commit fraud or sold to other criminals on the dark web. Whilst compromised financial data may allow for immediate financial gains by cybercriminals, personal data may be used to enable targeted attacks such as spear-phishing or Business Email Compromise (BEC) fraud, which in the longer term may yield more significant criminal proceeds.
There is also a growing threat of malicious insider activity in compromising data, where the insider works directly for a company or for a third-party service provider.
European companies need to be extremely diligent in implementing adequate cybersecurity procedures to prevent data compromise, especially considering the extremely high potential fines for non-compliance with the GDPR.
Distributed Denial of Service (DDoS) attacks occur where multiple compromised systems work together to deny others access to an entity’s data or services, critically disrupting the operations of an organisation.
DDoS attacks were identified as the third most significant threat in the Report. Whilst attacks were most commonly motivated by financial gain through extortion, other attacks were of an ideological/political nature or purely malicious.
Attacks on critical infrastructure
These attacks may involve the use of some of the previously covered attack tools, such as DDoS; however, they are distinguished by their primary motive, which is to attack the infrastructure itself and disrupt its functions.
Commonly attacked critical infrastructures include those within the energy, transport, water supply and health sectors.
The Report states that attacks on these infrastructures are unlikely to be conducted by financially motivated criminals as “such attacks draw the attention of multiple authorities and as such pose a disproportionate risk”. Perpetrators are more likely to be hostile nation states.
Whilst not a top priority, the number of website defacement cases still requires the allocation of limited law enforcement resources. Perhaps most significantly, investigation of these offences may help to catch potential future cybercriminals testing out their capabilities and prevent them from developing a career in cybercrime.
Lower priority threats
A number of threats, whilst present, did not feature prominently in law enforcement reporting for 2018. These include:
- Data stealing malware
- Cryptomining – exploiting a victim’s processing power without their permission to mine cryptocurrencies. Despite a significant surge in these cases in 2017, this phenomenon was not prevalent in 2018 law enforcement reporting.
- Mobile malware
Future threats and developments
Whilst there is often a lot of hype about potential criminal applications of new and emerging technologies, the majority of attacks still rely on long-established methods such as ransomware, BEC fraud and exploiting known vulnerabilities in existing technologies. It is likely that criminals will continue to refine these attacks to increase the potential for financial gain and reduce the chance of being caught.
The Report does make a number of predictions including:
- With more companies outsourcing areas of their business, there will likely be a growth in supply chain attacks
- Financially motivated cybercrime gangs will shift their focus to entities with large cryptocurrency assets
- There will be significant ongoing risk to the Domain Name System (DNS) infrastructure allowing malicious actors to see data in transit, redirect traffic or ‘spoof’ specific websites
The Report outlines a number of recommendations for law enforcement to better combat cyber-dependent crime:
- Significant efforts need to be devoted to tackling major crime-as-a-service providers
- There is a need for enhanced cooperation and improved data sharing between law enforcement, computer security incident response teams and private partners
- Legal instruments such as Joint Investigation Teams should be utilised in cross-border investigations
- Collaboration between the information security sector and cyber law enforcement authorities should be further enhanced