Police must target crime-as-a-service market, says Europol

News by Tom Reeve

Europol's fifth annual Internet Organised Crime Threat Assessment paints a pessimistic picture of the state of the fight against cyber-crime.

Europol is calling on law enforcement agencies to target the crime-as-a-service market to reduce the number of high-level cyber-attacks being conducted by low-skilled criminals.

This was one of the key messages from Europol’s fifth annual Internet Organised Crime Threat Assessment (IOCTA), presented today at the INTERPOL-Europol Cybercrime Conference in Singapore. It says the report "offers a unique law enforcement view of the emerging threats and key developments in the field of cyber-crime over the last year".

The report notes worrying trends in cyber-crime as criminals develop more sophisticated techniques in existing areas of activity and move into new areas.

Crime-as-a-service enables criminals with comparatively low cyber-skills to mount sophisticated attacks including DDoS and ransomware campaigns on a par with highly-skilled attackers.

"The attacks of 2017 highlight how it is becoming increasingly difficult for law enforcement, at the launch of an investigation, to determine whether they are investigating a crime committed by a sophisticated cyber-crime OCG [organised crime group], a state sponsored attacker or a cyber-crime amateur who has simply bought access to the attack tools he requires," the report said.

One of the dire predictions of the report is that fileless malware, which leaves little in the way of forensic traces in a target device, will become a standard component of attackers’ arsenals thanks to the crime-as-a-service market. "While currently there are few reports from law enforcement, attacks using fileless malware will become a standard component of the crime-as-a-service industry, just as cryptoware has today," the report said.

Currently, ransomware continues to be the most worrying form of malware, with the report acknowledging that it has become a standard tool for cyber-criminals. However, even this does not stand still as there are signs that the criminals are adjusting their attacks, refining their campaigns to target selected individuals and companies.

Predictions that mobile devices would become the next big target for ransomware have thankfully not been borne out, but experts remain concerned.

There are signs that companies throughout Europe are prepared to make ransom payments to attackers rather than report breaches to their country’s data protection regulator due to the potentially large fines they could have to pay under the General Data Protection Regulation (GDPR), Europol said in its report.

Online child sexual exploitation continues to spread as perpetrators adopt increasingly sophisticated techniques to disguise their activities, Europol said. Another contributory factor is the growing number of internet-enabled devices in the hands of children, some generated voluntarily by children and other material generated through extortion of children by offenders.

Live streaming of abuse is a growing area of concern for law enforcement. It is particularly complex to investigate as it leaves few forensic traces and live material does not need to be downloaded or stored locally, the report said. An additional complicating feature is it crosses national boundaries, raising issues of legal jurisdiction and intergovernmental cooperation, the report said.

Cryptocurrencies are an increasing concern for law enforcement as criminals use it for funding their activities. Bitcoin, despite the plethora of upstart challengers, continues to be the cryptocurrency of choice among criminals, the report said. With the rise of the virtual currencies has come an increase in attacks on the supporting infrastructure including currency exchangers, mining service and other wallet holders, Europol said.

Not surprisingly, phishing and other means of social engineering remain the most common route for bypassing security, the report said.

Europol’s executive director Catherine De Bolle said, "Cyber-crime cases are increasingly complex and sophisticated. Law enforcement requires additional training, investigative and forensic resources in order to adequately deal with these challenges. The policing opportunities arising from emerging technologies, such as big data analytics and machine learning, need to be seized."

European Commissioner for the Security Union, Sir Julian King, said, "Europe is still faced with a range of security threats from terrorism and cyber. We will continue to take decisive action, with the support of Europol, to tackle these threats, through our proposals on terrorist content online, electronic evidence and on election security, and through our cyber-security strategy."

Alan Woodward, visiting professor at the University of Surrey’s Surrey Centre for Cyber Security, told SC Magazine UK that the report shows that old style cyber-crimes are persisting even as new technology comes into play.

"One interesting shift for the criminals is that rather than attack financial institutions like banks they are finding easier pickings associated with cryptocurrencies," he told SC. "The other thing that is also interesting is that although other cryptocurrencies are firmly established, Bitcoin remains the cryptocurrency of choice for criminals."

Raj Samani, chief scientist at McAfee and an advisor on internet security to Europol’s European Cybercrime Centre (EC3), told SC, "The IOCTA report contains a wealth of valuable insight. In particular we see innovation across all sectors within the cyber-criminal community. One particular area highlighted, and often underreported, is in regards to money laundering activities.

"Leveraging their insights into this market we are presented with insightful information on the innovative use of cryptocurrency and social media to recruit and leverage money mules. It’s been said to follow the money and the innovation we see from criminals is making the trail as difficult as possible to track."

Javvad Malik, security advocate at AlienVault, welcomed the findings of the report, telling SC, "Collaboration appears to be one of the biggest and most prominent takeaways. Being able to establish trustworthy channels to collaborate and share information and intelligence is vital."

However, he felt that the report overlooked an important recent development. "There is no mention of the role of bots by organised crime and states to push agendas and misinformation, even though there are increasing industry studies that point to these as being tools in the arsenal of attackers," he said.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews