The IOCTA is Europol’s flagship strategic product highlighting the dynamic and evolving threats from cybercrime. It provides a unique law enforcement-focused assessment of emerging challenges and key developments in the area of cybercrime. We are grateful for the many contributions from our colleagues within the European law enforcement community and to our partners in private industry for their input to the report. Combining law enforcement and private sector insights allows us to present this comprehensive overview of the threat landscape.
The data collection for the IOCTA 2020 took place during the lockdown implemented as a result of the COVID-19 pandemic. Indeed, the pandemic prompted significant change and criminal innovation in the area of cybercrime. Criminals both devised new modi operandi and adapted existing ones to exploit the situation, new attack vectors and new groups of victims.
Technical innovation can be harnessed for social good, but just as readily for nefarious ends. This is truer of cybercrime than of perhaps any other crime area. And cybercriminals are also getting more aggressive. That’s why Europol and its partner organisations are taking the fight to them on all fronts.
Cybercrime is an EMPACT priority for the policy cycle from 2018 to 2021: the aim is to fight cybercrime, by (1) disrupting the criminal activities related to attacks against information systems, particularly those following a Crime-as-a-Service business model and working as enablers for online crime, (2) combating child sexual abuse and child sexual exploitation, including the production and dissemination of child abuse material, and by (3) targeting criminals involved in fraud and counterfeiting of non-cash means of payment, including large-scale payment card fraud (especially card-not-present fraud), emerging threats to other non-cash means of payment and enabling criminal activities.
According to the most recent Internet Organised Crime Threat Assessment (IOCTA), cybercrime is becoming more aggressive and confrontational. This can be seen across the various forms of cybercrime, including high-tech crimes, data breaches and sexual extortion.
Cybercrime is a growing problem for countries such as the EU Member States, in most of which internet infrastructure is well developed and payment systems are online.
It is not just financial data, however, but data more generally, that is a key target for cybercriminals. The number and frequency of data breaches are on the rise, and this in turn is leading to more cases of fraud and extortion.
The sheer range of opportunities that cybercriminals have sought to exploit is impressive. These crimes include:
– using botnets—networks of devices infected with malware without their users’ knowledge—to transmit viruses that gain illicit remote control of the devices, steal passwords and disable antivirus protection;
– creating “back doors” on compromised devices to allow the theft of money and data, or remote access to the devices to create botnets;
– creating online fora to trade hacking expertise;
– providing bulletproof hosting and creating counter-anti-virus services;
– laundering traditional and virtual currencies;
– committing online fraud, such as through online payment systems, carding and social engineering;
– various forms of online child sexual exploitation, including the distribution online of child sex-abuse materials and the live-streaming of child sexual abuse;
– the online hosting of operations involving the sale of weapons, false passports, counterfeit and cloned credit cards, and drugs, and hacking services.
Malware, or malicious software, infiltrates and gains control over a computer system or a mobile device to steal valuable information or damage data. There are many types of malware, and they can complement each other when performing an attack.
– A botnet (short for robot network) is made up of computers communicating with each other over the internet. A command and control centre uses them to send spam, mount distributed denial-of-service (DDoS) attacks (see below) and commit other crimes.
– A rootkit is a collection of programmes that enable administrator-level access to a computer or computer network, thus allowing the attacker to gain root or privileged access to the computer and possibly other machines on the same network.
– A worm replicates itself over a computer network and performs malicious actions without guidance.
– A trojan poses as, or is embedded within, a legitimate programme, but it is designed for malicious purposes, such as spying, stealing data, deleting files, expanding a botnet, and performing DDoS attacks.
– A file infector infects executable files (such as .exe) by overwriting them or inserting infected code that disables them.
– A backdoor/remote-access trojan (RAT) accesses a computer system or mobile device remotely. It can be installed by another piece of malware. It gives almost total control to the attacker, who can perform a wide range of actions, including:
* sending files and documents back to the attacker
* taking screenshots
– Ransomware stops users from accessing their devices and demands that they pay a ransom through certain online payment methods to regain access. A variant, police ransomware, uses law enforcement symbols to lend authority to the ransom message.
– Scareware is fake anti-virus software that pretends to scan and find malware/security threats on a user’s device so that they will pay to have it removed.
– Spyware is installed on a computer without its owner’s knowledge to monitor their activity and transmit the information to a third party.
– Adware displays advertising banners or pop-ups that include code to track the user’s behaviour on the internet.