The past 12 months have seen the threat from cybercrime reach unprecedented levels with the global impact of cyber security events such as the WannaCry ransomware epidemic, which targeted a range of organisations by encrypting computer data and demanding ransom payments in the Bitcoin crypto-currency.

The 2017 Internet Organised Crime Threat Assessment (IOCTA) produced by Europol’s European Cybercrime Centre (EC3) identifies key cybercrime areas to address. Europol assists EU Member States in their fight against serious international crime and terrorism, while also working with many non-EU partner states and international organisations. Europol set up the EC3 in 2013 to strengthen the law enforcement response to cybercrime.

The IOCTA 2017 identifies three priority cybercrime areas to be addressed: cyber-attacks, payment fraud and child sexual exploitation online. Additionally, the report discusses other cross-cutting factors which influence or impact the cybercrime ecosystem, such as criminal use of the Darknet and social engineering, as well as making recommendations to address the cybercrime challenges.


What are the priority crime areas and key findings in the 2017 IOCTA?



  • Ransomware continues be one of the most prominent malware threats, and is one of the easiest forms of cyber-attack to monetise. Beyond the initial infection, all the attacker has to do is collect the ransom payment by using virtual currencies such as Bitcoin, as opposed to having to sell harvested data and employing third parties to help launder the proceeds.
  • Booters and Stressers are services offered by cyber criminals that provide paying customers with distributed denial of service (DDoS) attack capabilities on demand, where the perpetrator seeks to make a machine or network resource unavailable to its intended users by disrupting services of a host connected to the Internet. While sophisticated cyber-attacks against critical infrastructures are a real threat, attacks using booters/stressers appear to be much more likely, and easier to achieve.
  • The IOTCA predicts that we will see an increasing number of large-scale DDoS attacks originating from a variety of insecure Internet of Things (IoT) devices – the network of physical devices, vehicles, and other items embedded with electronics, software, sensors, actuators and network connectivity which enable these objects to collect and exchange data.


Child sexual exploitation online

  • Coercion and sexual extortion are increasingly being used to victimise children. Offenders use these methods to obtain further child abuse material, for financial gain or to get physical access to the victim.
  • While peer-to-peer (P2P) networks continue to remain a key platform for the sharing and distribution of Child Sexual Exploitation Material (CSEM), everyday communication and social media applications are increasingly being used for the same purpose.
  • Online offender communities operating from within the Darknet remain a primary concern, providing an environment for offenders to legitimise their behaviour, and to share both access to CSEM and operations security (OPSEC) knowledge.


Payment fraud

  • Several sectors, such as the airline and accommodation industries, are targeted by card-not-present (CNP) fraudsters as the services they provide can be used for the facilitation of other crimes, including trafficking in human beings (THB) or drugs, and illegal immigration.
  • The lack of criminalisation of the possession of stolen/compromised sensitive online payment credentials causes significant investigative challenges in this area.
  • Direct attacks on bank networks to manipulate card balances, take control of ATMs or directly transfer funds, known as payment process compromise, represents one of the serious emerging threats in this area.


Online criminal markets

  • Darknet markets are a key cross-cutting enabler for other crime areas, providing access to, amongst other things, compromised payment data to commit various types of payment fraud, and fraudulent documents to facilitate fraud, trafficking in human beings and illegal immigration.
  • While an unprecedented number of users make use of Tor and similar anonymising networks, the Darknet is not yet the mainstream platform for the distribution of illicit goods, but is rapidly growing its own specific customer base in the areas of illicit drugs, weapons and child sexual exploitation material (CSEM).


What are the IOCTA recommendations for law enforcement, policy makers and regulators in combating cybercrime?


  • Law enforcement must continue to focus on the actors developing and providing the cybercrime attack tools and services responsible for ransomware, banking Trojans and other malware, and suppliers of DDoS attack tools, counter-anti-virus services and botnets.
  • The international law enforcement community must continue to build trusted relationships with public and private partners so that it is adequately prepared to provide a fast and coordinated response in the case of a global cyber-attack.
  • Company employees and the general public need to be educated to recognise and respond accordingly to changing criminal tactics like social engineering and spam botnets.
  • While investigating online child sexual exploitation, sufficient investigative tools and resources need to be ensured to fight this crime.
  • Law enforcement needs to develop a globally coordinated strategic overview of the threat presented by the Darknet. Such analysis would allow for future coordination of global action to destabilise and close down criminal marketplaces. It is also essential that investigators responsible for all crime areas represented on Darknet markets have the knowledge, expertise and tools required to effectively investigate and act in this environment.
  • The growing threat of cybercrime requires dedicated legislation that enables law enforcement presence and action in an online environment.


Nyman Gibson Miralis provides expert advice and representation in complex international cybercrime investigations. Our expertise includes dealing with malware, phishing and computer hacking offences, bootlegging and tripping, Bitcoin and crypto-currency fraud, as well as offences relating to identity theft, spreading computer viruses and DDoS attacks.

Contact us if you require assistance.