Emotet trojan and other insights from the Europol report on organized crime, SOCTA

SOCTA report's cover and hacker attacking computer.
Compartilhar no facebook
Compartilhar no twitter
Compartilhar no linkedin
Compartilhar no reddit
Compartilhar no whatsapp

Europol’s 2021 report on organized crime, SOCTA (Serious and Organized Crime Threat Assessment), states that cybercrime and cyber threats are in full development and expansion. In addition to the increase in the volume of attacks, there is also more technology involved in the crimes.

“Cybercrime is highly dynamic, exploiting rapidly advancing technologies. Critical infrastructures will continue to be targeted by cybercriminals in the coming years, which poses significant risks”, says Europol.

The European agency further states that “businesses are increasingly the targets of cyberattacks”.

SOCTA is one of Europol’s main reports. In general, it addresses several points about organized crime. But in this article, Gatefy will stick to excerpts from the document that talk about cybercrime.

Table of Contents

Subscribe to the Gatefy Blog

Emotet: the most dangerous malware in the world

The Emotet trojan has a special highlight in the report, including the title “world’s most dangerous malware”. Emotet was identified in 2014 as a banking trojan. But, according to the document, it has evolved over the years into a powerful weapon in cybercrime.

“Emotet was much more than just a malware. What made Emotet so dangerous is that the malware was offered for hire to other cybercriminals to install other types of malware, such as banking Trojans or ransomwares, onto a victim’s computer”, states Europol.

Emotet exploited emails to reach its victims. The group behind the threat created a fully automated process, taking email as a threat vector to a next level. In addition, various types of baits and subjects were used, such as invoices, shipping notices and information about COVID-19.

“The infrastructure that was used by Emotet involved several hundreds of servers located across the world, all of these having different functionalities in order to manage the computers of the infected victims, to spread to new ones, to serve other criminal groups, and to ultimately make the network more resilient against takedown attempts”.

Highlights from Europol's report on organized crime

1. Incidence and sophistication of cyber attacks

To Europol, the evolution of attacks and cybercrimes is still far from over in terms of incidence and complexity.

“The threat from cyber-dependent crime has been increasing over the last years, not only in terms of the number of attacks reported but also in terms of the sophistication of attacks”.

The reason for this, according to the report, has to do with the dynamic and rapid progress of the digitalization of society and the economy. The COVID-19 pandemic is an example.

“The COVID-19 pandemic has seen a surge in connections from private to corporate systems as telework became the norm in many sectors and industries. This development has made many corporate networks more vulnerable to cyberattacks”.

2. Crime as a Service (CaaS)

In the report, Europol expresses concern and states that the availability to purchase advanced services and threats online favors cybercrime. This business model is known as CaaS, which includes, for example, RaaS (Ransomware as a Service).

“Criminal services and tools such as malware, ransomware, DDoS and instructions to perform many types of attacks are offered online, often on the dark web. Cybercrime services and tools can be purchased by paying a user fee, a rental fee or even a percentage of the criminal profits”.

The big issue with the CaaS model is precisely that it provides experience and technology to those who don’t understand much of the subject, equipping a greater number of criminals who don’t have programming skills.

“Developers offer technical expertise and support as service providers to affiliates who are often entry-level cybercriminals that identify and infect vulnerable targets”.

3. Malware, ransomware, and DDoS

The report explains that cybercrime uses different invasion tools and techniques. The criminals’ goal is to exploit any type of vulnerability available. Check out below what Europol has to say about some of these tools.


“Malware is a widely used cybercrime tool. Malware constantly evolves and is highly diverse, existing in hundreds of thousands of variants. The EU’s cybersecurity agency ENISA reports the detection of 230 000 new strains of malware every day”.


“Ransomware has been acknowledged as a key cybercrime threat for some years now. However, the number of attacks and the level of their sophistication continues to increase. The increase in the number of attacks on public institutions and large companies is particularly notable”.

DDoS (Distributed Denial of Service)

“DDoS attacks are a well-known and persistent threat that are designed to disrupt or shut down a service/ network by overwhelming it. Cybercriminals orchestrate persistent attacks which might be followed by ransom requests offering to cease the attack in exchange for a payment. Cybercriminals now increasingly target smaller organisations with lower security standards”.

4. Phishing, BEC and investment fraud

According to the report, the development of payment processes on digital platforms has created even more opportunities for fraudsters. But not only that. Cybercriminals are also experts in analyzing people’s behavior to explore new forms of fraud.

In this context, the document highlights the incidence of phishing, BEC (Business Email Compromise), and investment fraud.


Regarding phishing attacks, Europol points out that this type of fraud remains one of the main threats. The European agency also says that phishing is evolving in sophistication.

Phishing is a “fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication”.

BEC or CEO Fraud

Like phishing, the report states that BEC attacks (or CEO Fraud) continue to rise in terms of volume, complexity, and efficiency.

“Chief Executive Officer (CEO) fraud is one of the most common types of payment order fraud. As part of this fraud, employees receive a payment order by email or a telephone call from a fraudster impersonating a company executive, often the CEO. The payment is instructed to be made out to bank accounts under the control of the fraudsters”.

Investment fraud

Investment fraud has also increased, according to the document. Important information in the report points out that criminals often seek out their victims via social media.

“Investment fraud schemes result in substantial financial damage to private individuals and companies. Investment fraudsters have been increasingly targeting the cryptocurrency investment market by operating fake websites offering bogus investment opportunities.”.

5. Online child sexual exploitation

SOCTA highlights the increase in cases of online child sexual exploitation. In addition, the document makes clear Europol’s concern about the physical and psychological damage caused by this type of crime.

“The widespread abuse of encryption tools, including end-to-end encrypted apps, has lowered the risk of detection by offenders. Offenders increasingly rely on anonymisation services such as virtual private networks (VPNs) or proxy servers”, states the agency.

Europol claims to have more than 40 million images of child sexual abuse worldwide. To fight the threat, the agency created the campaign “Stop Child Abuse: Trace An Object”, check out more details here.

2021 SOCTA

If you want to see the full report, click here.

Business email protection solutions

The Europol report points to worrying vulnerabilities and threats, such as phishing, malware and BEC attacks. The case of Emotet trojan, distributed via malicious emails, is another example.

Gatefy is a cybersecurity startup that is concerned with blocking advanced hacker threats. Our email protection solutions integrate with different providers and platforms, such as Microsoft Office 365, G Suite, Zimbra and Exchange.

Talk to our sales team to find out more.

Phishing & Spear Phishing
Download our ebook to understand the difference between phishing and spear phishing attacks.
Share this article
Compartilhar no facebook
Compartilhar no twitter
Compartilhar no linkedin
Compartilhar no reddit
Compartilhar no whatsapp
Subscribe to our news
Don't forget to share this post
Compartilhar no facebook
Compartilhar no twitter
Compartilhar no linkedin
Compartilhar no reddit
Compartilhar no whatsapp
Related Articles