The volume, scope and cost of cybercrime have reached very high levels – and are set to get even higher, according to a report from Europol – the European Union’s (EU) law enforcement agency.
In a report identifying eight trends in the underworld of cybercrime, Europol warned that cybercrime offences were becoming the norm and overtaking the reporting of “traditional” crimes in some EU countries.
Europol’s Director Rob Wainwright warned in the report released Wednesday that “the relentless growth of cybercrime remains a real and significant threat to our collective security in Europe.”
“Europol is concerned about how an expanding cybercriminal community has been able to further exploit our increasing dependence on technology and the Internet.”
He added that the agency had seen “a marked shift” in cyber-facilitated activities relating to trafficking in human beings, terrorism and other threats.
Europol’s “Internet Organised Crime Threat Assessment” for 2016 identified eight cybercrime trends that everyone should beware of:
The digital underground is underpinned by a growing Crime-as-a-Service model that interconnects specialist providers of cybercrime tools and services with an increasing number of organized crime groups. Terrorist actors clearly have the potential to access this sector in the future.
Ransomware and banking Trojans (a malicious program used to obtain confidential information about customers and clients using online banking and payment systems) remain the top malware threats, a trend unlikely to change for the foreseeable future.
3: The criminal use of data
Data remains a key commodity for cyber-criminals. It is procured for financial gain in many cases but it is increasingly being used to commit more complex fraud, encrypted for ransom, or used directly for extortion.
4: Payment fraud
EMV (chip and PIN), geo-blocking and other industry measures continue to erode card-related fraud within the EU, but malware attacks directly against ATMs continue to evolve and proliferate. Organised crime groups are starting to manipulate or compromise payments involving contactless (NFC) cards.
5: Online child sexual abuse
The use of end-to-end encrypted platforms for sharing media, coupled with the use of largely anonymous payment systems, has facilitated an escalation in the live streaming of child abuse.
6: Abuse of the Darknet
The Darknet continues to enable criminals involved in a range of illicit activities, such as the exchange of child sexual exploitation material. The extent to which extremist groups currently use cyber techniques to conduct attacks are limited, but the availability of cybercrime tools and services, and illicit commodities such as firearms on the Darknet, provides opportunity for this to change.
7: Social engineering
An increase of phishing aimed at high value targets has been registered by enforcement private sector authorities. CEO fraud, a refined variant of spear phishing, has become a key threat.
8: Virtual currencies
Bitcoin remains the currency of choice for the payment for criminal products and services in the digital underground economy and the Darknet. Bitcoin has also become the standard payment solution for extortion payments.
Europe’s law enforcement authorities had responded to the changing threat by increasing their skill-sets, Wainwright said, “but the growing misuse of legitimate anonymity and encryption services for illegal purposes remain a serious impediment to the detection, investigation and prosecution of criminals.”
Yet Steve Wilson, the head of the European Cybercrime Centre, noted that there were reasons to be positive about progress in tackling cybercriminals.
“2016 has seen the further evolution of established cybercrime trends….However there are many positives to be taken from this year’s report. Partnerships between industry and law enforcement have improved significantly, leading to the disruption or arrest of many major cybercriminal syndicates and high-profile individuals associated with child abuse, cyber intrusions and payment card fraud, and to innovative new prevention programs such as the no more ransom campaign.”