1. Crime-as-a-ServiceThe digital underground is underpinned by a mature crime-as-a-service model that continues to provide tools and services across the entire spectrum of cyber criminality, from entry-level to highly organized crime syndicates. “Terrorist actors clearly have the potential to access this sector in the future,” said Europol.
2. RansomwareMany have dubbed 2016 the year of ransomware attacks. With ransomware and banking Trojans remaining the most prevalent malware threats, the trend is unlikely to change for the foreseeable future, said the agency.
3. The Criminal Use of Data“Data remains a key commodity for cybercriminals,” explained Europol. “It is procured for immediate financial gain in many cases but, increasingly, also acquired to commit more complex fraud, encryption for ransom, or used directly for extortion.
4. Payment FraudThe agency noted it logical and malware attackers directly against ATMs continue to evolve and proliferate. In addition, organized crime groups are beginning to manipulate or compromise payments involving contactless (NFC) cards.
5. Online Child Sexual Abuse“The use of end-to-end encrypted platforms for sharing media, coupled with the use of largely anonymous payment systems, is facilitating an escalation in the live streaming of child abuse,” read the report.
6. Abuse of the DarknetAccording to the report, research indicates that almost 30% of hidden services on Tor relate to some form of illicit activity. Europol added that although the extent to which extremist groups currently use cyber techniques to conduct attacks are limited, the availability of cybercrime tools and services, as well as illicit commodities, provides opportunity for this change.
7. Social EngineeringAn increase of phishing aimed at high-value targets, including CEOs, was reported by both law enforcement and the private sector. Such campaigns have evolved in quality and authenticity, making it more difficult to tell apart from genuine communication, said Europol.
8. Virtual CurrenciesThe report noted cryptocurrencies, specifically Bitcoin, remain the currency of choice for much of cybercrime, such as extortion payments, whether as a consequence of ransomware or DDoS attacks. “The relentless growth of cybercrime remains a real and significant threat to our collective security in Europe,” Europol’s director Rob Wainwright said in a statement. “Europol is concerned about how an expanding cybercriminal community has been able to further exploit our increasing dependence on technology and the Internet.” Despite these growing concerns, Wainwright said there have been some improvements in the way law enforcement is tackling these threats.
“… The last 12 months have demonstrated that a coordinated approach by EU law enforcement that includes all relevant partners can result in significant successes in the fight against cybercrime, including in the important areas of prevention and awareness. I am confident that this will continue and improve in the years to come,” the report said.Click here to read the full IOCTA report (PDF).