Europol Eyes Cyber Threat (R)evolutions
November 15, 2021
The exceptional COVID-19 crisis has fuelled the increase of cybercrime in all its forms, while grey infrastructure serves to facilitate the proliferation of crime
The accelerated digitalisation related to the COVID-19 pandemic
has significantly influenced the development of a number of
cyber threats, according to the
new edition of Europol’s
Internet Organised Crime Threat Assessment. Criminals have been
quick to abuse the current circumstances to increase profits,
spreading their tentacles to various areas and exposing
vulnerabilities, connected to systems, hospitals or individuals.
While ransomware groups have taken advantage of widespread
teleworking, scammers have abused COVID-19 fears and the
fruitless search for cures online to defraud victims or gain
access to their bank accounts. The increase of online shopping
in general has attracted more fraudsters. With children spending
a lot more time online, especially during lockdowns, grooming
and dissemination of self-produced explicit material have
increased significantly. Grey infrastructure, including services
offering end-to-end encryption, VPNs and cryptocurrencies
continue to be abused for the facilitation and proliferation of
a large range of criminal activities. This has resulted in
significant challenges for the investigation of criminal
activities and the protection of victims of crime.
Ransomware affiliate programs enable a larger group of criminals to attack big corporations and public institutions by threatening them with multi-layered extortion methods such as DDoS attacks.
Mobile malware evolves with criminals trying to circumvent additional security measures such as two-factor authentication.
Online shopping has led to a steep increase in online fraud.
Explicit self-generated material is an increasing concern and is also distributed for profit.
Criminals continue to abuse legitimate services such as VPNs, encrypted communication services and cryptocurrencies.
The new edition of Europol’s Internet Organised Crime Threat
Assessment, launched today, looks into the (r)evolutionary
development of these trends, catalysed by the expanded
digitalisation of recent years. The report was presented during
the Europol-INTERPOL Cybercrime Conference. The conference
gathered about 100 experts together to share their insights into
the latest cybercrime trends and threats and to discuss how
innovation is essential in countering cybercrime acceleration.
Ransomware groups have used the pandemic to their advantage to
launch more sophisticated and targeted attacks. While mass
distributed ransomware seems to be in decline, cybercrime groups
and their affiliates opt for well-orchestrated manual attacks
against large corporations and government institutions. Always
driven by opportunities for larger profits, in the past
criminals have targeted companies which have both the financial
capability to pay large ransoms and the need to rapidly resume
operations in case of a successful cyberattack, which affects
their main activities. The attacks on Kaseya and SolarWinds show
how criminals have realised the potential in attacking digital
supply chains, often going for the ‘weakest link’. However, many
of the most infamous groups have reduced the attacks on
governments and social services in an attempt to limit the
attention of law enforcement on them. DDoS attacks have
re-emerged and are targeting service providers, financial
institutions and businesses. Claiming to be part of two
well-known threat groups, they have asked for significant
ransoms. The pandemic has also facilitated the breakthrough of
other threats, which were already making significant attempts to
penetrate the cyberspace. Mobile malware and specifically
banking Trojans have also been equipped with capabilities to
intercept text messages on Android devices, compromising the
two-factor authentication security protocols.
Child abusers have exploited the increased, unsupervised presence of children online during the pandemic in order to increase their grooming activities. The acceleration of production and dissemination of child sexual exploitation material is also fuelled by the proliferation of encrypted messaging applications and social media platforms. Online gaming and communication, the reduction of real-life social activities and the normalisation of sexual behaviour online are circumstances, which are abused by predators to target a larger number of victims. These factors create conditions for the victimisation of children online during a longer period. A key threat is the production of self-generated material, an alarming trend, which younger children are also exposed to. Lured by offenders using fake identities on gaming platforms and social media, more and more young children are falling into the trap of producing and sharing explicit material. Recording without the knowledge of the victims and the further dissemination of live-streamed sexual material is another alarming threat, referred to as ‘capping’. Peer-to-peer networks remain a key channel for the exchange of child abuse material, along with the Dark Web.