Europol has released its 2018 Internet Organised Crime Threat Assessment (IOCTA) report. The key findings are:
Ransomware retains its dominance
This is expected to continue in the near future, even though the growth of ransomware is beginning to slow. In addition to attacks by financially motivated criminals, there is an increase in state-sponsored ransomware attacks. Mobile malware has not been extensively reported in 2017, but this has been identified as an anticipated future threat.
DDoS continues to plague public and private organisations
Distributed-Denial-of-Service (DDoS) attacks are used not only for financial benefits but for ideological, political or purely malicious reason. This type of attack is not only one of the most frequent (only second to malware in 2017); it is also becoming more accessible, low-cost and low-risk.
Production of CSEM continues
The amount of detected online Child Sexual Exploitation Material (CSEM), including Self-Generated Explicit Material (SGEM), continues to increase. Although most CSEM is still shared through P2P platforms, more extreme material is increasingly found on the Darknet.
Card-not-present fraud dominates payment but skimming continues
Skimming remains a common issue. As in previous years, this continues to decrease as a result of geoblocking measures. Skimmed card data is often sold via the Darknet and cashed out in areas where Europay, MasterCard and Visa (EMV) implementation is either slow or non-existent.
While Bitcoin has lost its majority of the overall cryptocurrency market share, it still remains the primary cryptocurrency encountered by law enforcement. Money launderers have evolved to use cryptocurrencies in their operations and are increasingly facilitated by new developments such as decentralised exchanges which allow exchanges without any Know Your Customer requirements.
Cryptojacking: a new cybercrime trend
Cryptojacking is an emerging cybercrime trend, referring to the exploitation of internet users’ bandwidth and processing power to mine cryptocurrencies. Actual cryptomining malware works to the same effect, but can cripple a victims system by monopolising their processing power.
Social engineering still the engine of many cybercrimes
Phishing remains the most frequent form of social engineering. Criminals use social engineering to achieve a range of goals: to obtain personal data, hijack accounts, steal identities, initiate illegitimate payments, or convince the victim to proceed with any other activity against their self-interest, such as transferring money or sharing personal data.
Shutters close on major Darknet markets, but business continues
The Darknet will continue to facilitate online criminal markets, where criminals sell illicit products in order to engage in other criminal activity or avoid surface net traceability. In 2017, law enforcement agencies shut down three of the largest Darknet markets: AlphaBay, Hansa and RAMP. These takedowns prompted the migration of users towards existing or newly-established markets, or to other platforms entirely, such as encrypted communications apps.
Convergence of cyber and terrorism
Islamic State continues is using encrypted messaging apps which offer private and closed chat groups, the dark web, or other platforms which are less able or willing to disrupt their activity.
While IS sympathisers have demonstrated their willingness to buy cyber-attack tools and services from the digital underground, their own internal capability appears limited. While most criminals prefer Bitcoin, terrorists have also used more anonymous cybercurrencies such as Zcash.
Cross-cutting crime factors
Europol also listed cross-cutting crime factors, the ones which contribute to multiple crime areas but are not necessarily inherently criminal themselves. West African fraudsters have evolved to adopt emerging fraud techniques, including those with more sophisticated, technical aspects, such as business email compromise. Many of the classic scams, such as technical support scams, advanced fee fraud and romance scams still result in a considerable numbers of victims.An increase in HTTPS encryption protocol by phishing sites misleads victims into thinking a website is legitimate and secure. Cyber-attacks which historically targeted traditional financial instruments are now targeting businesses and users of cryptocurrencies. While Bitcoin’s share of the cryptocurrency market is shrinking, it still remains the predominant cryptocurrency encountered in cybercrime investigations.