What can we learn from the Europol 2021 Internet Organised Crime Threat Assessment?
The 2021 Internet Organised Crime Threat Assessment (IOCTA) was published last week, examining the impact of cybercrime on citizens, businesses and organisations across the EU and the key role Europol plays in working with partners across law enforcement and the private sector to offer innovative solutions and effective support to investigations.
This is an approach shared by the team at the North West Cyber Resilience Centre but at a much more local level. We represent a strong local partnership response to protecting the North West business community from online crime, which we deliver by bringing together Law Enforcement, Academia and the Private sector in a coordinated and accessible way.
Whilst the IOCTA report addresses wider issues such as child sexual exploitation and abuse, use of the dark web and the emergence of grey infrastructure, I want to focus on the key findings for cyber-dependent crime where the priority threats are Online Fraud, Ransomware, Mobile Malware, Distributed Denial of Service (DDoS) attacks and the growing issue of Crime-as-a-service (CaaS).
Cyber Dependent Crime
Ransomware affiliate programs are using supply-chain attacks to compromise the networks of large corporations and public institutions and utilise new multi-layered extortion methods. This is sometimes referred to as the ‘triple threat’ where the victim is extorted not only to obtain the decryption key but also threatened with stolen data being published online and DDoS attacks to cause further significant business interruption damage. A new twist is criminals putting pressure on not only the victim but contacting their clients, employees and journalists to encourage payment of demands.
Mobile malware has become a scalable business model by introducing overlay attacks, two-factor authentication disruption and SMS-spamming capabilities.
DDoS for ransom seems to be making a return as criminals use the names of well-known advanced persistent threat (APT) groups to scare their targets into complying with ransom demands.
COVID-19 continues to have a significant impact on the European fraud landscape in the second year of the pandemic. Indeed in the UK, we have seen over a 30% increase in reported fraud and cybercrime over the last 12 months.
Phishing and social engineering remain the main vectors for payment fraud, increasing in both volume and sophistication.
Investment fraud is thriving as citizens incur devastating losses, but business email compromise (BEC) and CEO fraud also remain key threats.
Crime-as-a-service is enhancing the reach of attacks as offenders turn to the Dark web to obtain exploit kits and other services for those with low technical skills.
Malware-as-a-service (MaaS) has increased over the last 12 months, with Ransomware-as-a-service (RaaS) remaining prominent but evolving into a model where the creators of the malware share profits with criminals who breach a target network.
Access-as-a-service (AaaS) is also in high demand as it is an enabler for both advanced malware crews and low-level criminals renting the tools to access corporate networks.
This has resulted in a wealth of personal information being made available to illegal markets and bought by a wide range of criminals as it can significantly increase the success of social engineering techniques used to facilitate online fraud.
Users remain the weakest link in the IT security framework, which means security awareness training remains a critical step in protecting your business and information from an attack.
Much of this isn’t new and just goes further to evidence the need for effective partnership approaches delivered through the Cyber Resilience Centre network to help raise awareness across our business community and provide help, guidance and support on how best to mitigate the threat.
Our new Cyber Security Guide for Small Businesses contains more helpful information on how to protect yourself from ransomware, business email compromise and account compromise.
Neil Jones | Detective Superintendent | Greater Manchester Police