Europol’s Serious Organized Crime Threat Assessment report 2021 summarizes the criminal threat of the last four years and provides insights into what to expect over the next four years. While focused on Europe, it will not be substantively different to other areas of the globe.
Organized crime is not limited to cybercrime, but cybercrime has become a major part of organized criminal activity. Europol sees this increasing – business transformation, the increasingly digital society, and the growth of remote working all provide new vulnerabilities and more opportunities for exploitation.
“Critical infrastructures will continue to be targeted by cybercriminals in the coming years, which poses significant risks,” warns the report (PDF). “Developments such as the expansion of the Internet of Things (IoT), the increased use of artificial intelligence (AI), applications for biometrics data or the availability of autonomous vehicles will have a significant impact. These innovations will create criminal opportunities.”
There have been some successes against the criminals. The disruption of the Emotet botnet in January 2021 (a global effort involving authorities from the Netherlands, Germany, the U.S., the UK, France, Lithuania, Canada and Ukraine, with international activity coordinated by Europol) is highlighted. But the general impression is that cybercrime is becoming more sophisticated, criminal gangs are becoming more organized, and the threat is becoming more widespread.
Security professionals such as Matt Lock, technical director UK at Varonis, have welcomed the disruption of Emotet. It’s “a huge step in the fight back against organized criminal groups,” he says. “Emotet earned notoriety as the ‘world’s most dangerous malware’ and was linked to attacks that were launched at an industrial scale. But he adds a note of warning. “This may have closed the chapter on Emotet, but we know that taking down one botnet won’t put a stop to other networks taking their place. Criminals will regroup and rebuild and may be spurred on to employ even more sophisticated tactics.”
The standard cyber threats are given little comment in the Europol report beyond the observation that criminal gangs are increasingly offering them ‘as a service’. “Developers offer technical expertise and support as service providers to affiliates who are often entry-level cybercriminals that identify and infect vulnerable targets.” This increases the volume of foot soldier criminals without decreasing the sophistication of the attacks.
Malware – New strains and variants continue to evolve. ENISA reports that it detects 230,000 new strains of malware every day.
Ransomware – Europol notes that the number of attacks and their level of sophistication continues to grow. “The increase in the number of attacks on public institutions and large companies is particularly notable.”
DDoS – Denial of service is a persistent threat, often accompanied by extortion attempts. Attacks against public institutions and critical infrastructures continue, but criminals are increasingly targeting smaller organizations with lower security standards.
AI as a double-edged sword
Artificial Intelligence (AI) was initially hailed as the silver bullet to find and stop cyber-attacks – and it cannot be denied that it plays an important role in many different security defenses. As Gregory Cardiet, security engineering director at Vectra comments, “The performance and analytical power of AI can be advantageous for organizations needing to detect the subtle indicators of targeted ransomware behaviors and the misuse of privileged credentials from networks and the cloud. With AI, this can be done at a speed and scale that humans and traditional signature-based tools simply cannot achieve.”
But Europol raises the specter of AI being used by hackers offensively. The report points to the use of machine learning and AI ”to manipulate or generate visual and audio content with a high potential to deceive… The criminal use of AI, including the exploitation of deepfakes, is expected to increase in the future. The incorporation of AI into existing techniques may widen the scope and scale of cyberattacks.”
The effect of the pandemic on cybercrime
The last 12 months have been a year of lockdowns and working from home (WFH). The increased attack surface for companies and a subsequent dramatic growth of pandemic-related cybercrime is well-documented.
“Last year saw a multitude of damaging consequences from ransomware, breaches and targeted attacks against sensitive data,” comments Yaniv Bar-Dayan, CEO and co-founder at Vulcan Cyber. “From breaches of COVID-19 research data to attacks on critical infrastructure and government agencies, cybercriminals have taken advantage of the most sensitive vulnerabilities at the expense of the organizations that have the most to lose. As remote working becomes the norm even after this pandemic declines, an agile security team and agile infrastructure will be critical.
But Europol raises a less-discussed issue. With children spending months at home during school closures – often with no entertainment beyond the internet – there has been a subsequent and consequent growth in online child exploitation; particularly what is known as live distance abuse. Live distance child abuse refers to the phenomenon of a perpetrator paying to direct the live abuse of children through video-sharing platforms.
The majority of victims are girls aged 13 or less, and are usually filmed in a home setting. At that age, most young girls do not have the maturity to assess a relationship as friendly or abusive, and are all-too-easily manipulated by persuasion, coercion or ransom into performing sexual acts – most likely unaware that the video is being shared online with countless paying ‘customers’. Having been filmed once, the victim is open to blackmail to continue the practice.
Europol notes that it has a database of more than 40 million images of child sexual abuse from around the world.
Another effect of the pandemic has been to increase the demand for pirated digital content. “Demand for digital content, both legal and illegal, has surged during the COVID-19 pandemic,” notes Europol – although it also notes that legal methods of accessing content have multiplied and become cheaper. This, it suggests, is likely to make pirated content less attractive in the future.
The dark web
The role of the dark web in criminal activity should not be underestimated, with criminals using it to exchange expertise on how to maintain operational security in their activities.
“The use of dark web platforms (markets) for the sale of illegal drugs and weapons has increased over the last four years, but law enforcement takedowns, in combination with cyberattacks on platforms, exit fraud or voluntary closures, appear to have generated some distrust among users and may have slowed the growth rate.” Despite their existence, however, it is worth noting that the sale of guns and drugs ‘on the street’ dwarfs that of online.
Trafficking in human beings (THB) is also done in the dark web as well as the surface web. The primary types are for labor and for sex. The pandemic-related recession makes it easier for criminals to exploit people desperate for work. The need for income makes it easier for criminals to exploit young women, while the lockdowns increase the potential market of online customers.
“Traffickers use online platforms and services to identify victims, orchestrate THB for sexual exploitation and advertise the services of victims,” notes Europol. “The use of websites to advertise the sexual services of victims to clients has become a fundamental feature of this type of exploitation.”
Europol believes that THB is significantly underreported, and notes that THB for labor exploitation is increasing in the EU.
Online fraud
Fraud is given extensive coverage within Europol’s report. Investment fraud, BEC, non-delivery fraud, romance fraud, fake invoice fraud, social benefit fraud, bank fraud and subsidy fraud are all mentioned and explained, but without any statistics. U.S. statistics can be found in the annual FBI/IC3 reports.
Dirk Schrader, global VP of security research at New Net Technologies, believes a lack of detail throughout the report is a weakness. “The report is short on details about the outlook, about expected developments, what future attack scenarios might look like, how the modus operandi might evolve with total digitalization, and how cyber-crime 4.0 might exploit what that total digitalization has in common.”
Underlying the success of fraud has been an increase in the sophistication of social engineering. This is likely to continue. “The use of deepfakes will make it much more challenging to identify and counter fraud,” warns Europol. “Deepfakes mimic seemingly real photo, video and audio recordings of people. Fraudsters have already used voice impersonation as part of CEO fraud schemes and will likely expand the use of this technology as part of their criminal activities.”
Jeremy Hendy, CEO at Skurio, comments, “Cybercriminals find any monetary transactions almost irresistible, making any sized organization a target. In the case of BEC fraud, this is a straightforward way to execute a payment diversion scam – businesses that don’t monitor for leaks of compromised credentials outside their network would suspect nothing.” For him, continuous monitoring of the dark web for personal corporate email credentials is an essential way of combatting fraud.
“The organized crime landscape,” summarizes Europol, “is characterized by a networked environment where cooperation between criminals is fluid, systematic and driven by a profit-oriented focus. A key characteristic of criminal networks, once more confirmed by the pandemic, is their agility in adapting to and capitalizing on changes in the environment in which they operate… Serious and organized crime remains a key security threat facing the EU and its Member States.”
Related: Nation State Cyber Attacks on Rise, Says Europol
Related: Ransomware Attacks ‘Getting Bolder’: Europol
Related: Europol on Methodology Behind Successful Spear Phishing Attacks
