5 takeaways from Europol's 2020 cybercrime report, IOCTA
Europol’s 2020 security report, IOCTA (Internet Organized Crime Threat Assessment), points out that the sophistication of cybercrime has changed significantly in recent times, mainly due to the COVID-19 pandemic.
“While ransomware, business email compromise (BEC) and social engineering are familiar cybercrime threats, their execution evolves constantly and makes these criminal activities more complex to detect and to investigate”, states Europol.
According to the European agency, cybercriminals have adapted and found new modus operandi, exploring new attack vectors and new groups of victims.
2020 Internet Organized Crime Report key points
1. Ransomware remains at the center of concerns
Europol continues to name ransomware as one of the main threats in the virtual world. The difference now is that this type of threat evolves into other forms of extortion. Cybercriminals threaten victims by saying that they will auction off compromised data on the dark web, which could have legal implications.
“The number of targeted ransomware cases has increased over the past year, which has led to a significant increase in threat actor capability as well as a higher impact on victims”, says the report.
“Ransomware on third-party providers also creates potential significant damage for other organizations in the supply chain as well as critical infrastructure.”
2. Advanced forms of malware have been widely used
In the report, the agency points out that, in addition to ransomware, other types of malware have caught the attention of authorities, such as trojans and RATs.
“Criminals have converted some traditional banking Trojans into modular malware to cover a broader scope of collection of PC digital fingerprints collection and are being sold to cover different needs (e.g. droppers, exfiltration, etc.).”
As in the case of ransomware, other types of malware have been used for targeted scams, with well-defined targets. In this scenario, third-party providers and partners have been targeted.
“In one case, a private sector respondent reported one of their third-party service providers had been targeted by Emotet malware which led to a high-risk situation at the respondent’s organization. Attackers were studying old email threads between the targeted company and the respondent carefully, trying to embed themselves into the conversation naturally using highly tailored messages to gather information.”
3. CaaS, MaaS and RaaS fuel cybercrime
Crime as a Service (CaaS) is a business model that turns crime into a commodity, facilitating access to threats and scams. Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) are examples. The report expresses concern about this business model.
The reason is that, once cybercriminals share compromised infrastructure, services, and credentials, planning and committing cybercrime is much easier and more effective.
“Simultaneously, European law enforcement has reported a rise in less tech-savvy cybercriminals in the context of widely available CaaS solutions… Where specialist skills are needed (e.g. malware-coding, malware-distribution), criminals are able to hire developers or consultants to fill this need. This highlights increased professionalisation in the cybercrime threat landscape.”
4. Social engineering and phishing scams have increased
The report explains that, due to COVID-19, social engineering and phishing stood out, exploiting people's search for reliable information and data. In fact, in 2020, the agency saw a significant increase in the volume and sophistication of social engineering and phishing threats.
“Targeting human weakness in the security chain, social engineering and phishing have a high impact on society and enable the majority of cybercrimes, ranging from scams and extortion to the acquisition of sensitive information and the execution of advanced malware attacks”.
The agency also says that social engineering tactics are used to convince targets to interact and believe in the fraud, while phishing continues to be used to deliver malware and steal access credentials.
“Phishing has become more difficult to detect, with many phishing emails and sites being almost identical to the real ones. At the same time, phishing campaigns have become faster and more automated, forcing respondents to act quicker than before as in some cases it takes one day from a credential leak to an attack”.
5. BEC (Business Email Compromise) causes even more concern
Regarding BEC attacks, the report points to more advanced and even more targeted scams, which is a cause for serious concern. This is understandable, since BEC attacks usually cause major financial damage to institutions and companies.
“BEC causes enormous losses and disruption to livelihoods and business operations. Often following spear phishing emails, BEC is highly tailored and very effective with targets ranging from governments, international organizations, small to large businesses and individuals.”
In the report, Europol distinguishes between the two main types of BEC, but there are others.
“The two most common types of BEC are CEO fraud (criminals impersonating a high-level executive requesting urgent bank transfers) and invoice fraud (criminals impersonating suppliers asking for legitimate payments to be directed to a bank account under the criminal’s control, or creating new, fraudulent invoices)”.
Other key points in Europol's cybercrime report
- Distributed Denial-of-Service attacks (DDoS) have been targeting smaller companies with less protection capacity.
- Cryptocurrencies continue to make it harder to identify cybercriminals and facilitate crime payments.
- Cases involving child sexual exploitation on the web have continued to increase in recent years, now with the use of encrypted chat applications, which makes investigative work more difficult.
- SIM swapping has been widely exploited by criminals, who can take over their victims' accounts and do whatever they want.
- Online investment fraud is growing. In fact, this is one of the fastest-growing types of cybercrime in recent years.