Major law enforcement successes despite an increasingly professionalised cybercrime landscape

The past 12 months have seen a number of unprecedented cyber-attacks in terms of their global scale, impact and rate of spread. Already causing widespread public concern, these attacks only represent a small sample of the wide array of cyber threats we now face. Europol’s 2017 Internet Organised Crime Threat Assessment (IOCTA) identifies the main cybercrime threats and provides key recommendations to address the challenges.

Europol’s Executive Director Rob Wainwright: "The global impact of huge cyber security events such as the WannaCry ransomware epidemic has taken the threat from cybercrime to another level. Banks and other major businesses are now targeted on a scale not seen before and, while Europol and its partners in policing and Industry have enjoyed success in disrupting major criminal syndicates operating online, the collective response is still not good enough. In particular people and companies everywhere must do more to better protect themselves."

The 2017 Internet Organised Crime Threat Assessment presents an in-depth assessment of the key developments, changes and emerging threats in cybercrime over the last year. It relies on contributions from the EU Member States, expert Europol staff and partners in private industry, the financial sector and academia. The report highlights important developments in several areas of cybercrime:

Ransomware has eclipsed most other cyber-threats with global campaigns indiscriminately affecting victims across multiple industries in both the public and private sectors. Some attacks have targeted and affected critical national infrastructures at levels that could endanger lives. These attacks have highlighted how connectivity, poor digital hygiene standards and security practices can allow such a threat to quickly spread and expand the attack vector.

The first serious attacks by botnets using infected insecure Internet of Things (IoT) devices occurred.

Data breaches continue to result in the disclosure of vast amounts of data, with over 2 billion records related to EU citizens reportedly leaked over a 12 month period, often facilitated by poor digital hygiene and practices.

The Darknet remains a key cross-cutting enabler for a variety of crime areas. It provides access to, amongst other things: the supply of drugs such as Fentanyl and new psychoactive substances which internationally have directly led to many fatalities; the supply of firearms that have been used in terrorist acts; compromised payment data to commit various types of payment fraud; and fraudulent documents to facilitate fraud, trafficking in human beings and illegal immigration.

Offenders continue to abuse the Darknet and other online platforms to share and distribute child sexual abuse material, and to engage with potential victims, often seeking to coerce or sexually extort vulnerable minors.

Payment fraud affects almost all industries, having the greatest impact on the retail, airline and accommodation sectors. Several sectors are targeted by these fraudsters as the services they provide can be used for the facilitation of other crimes, including trafficking in human beings or drugs, and illegal immigration.

Direct attacks on bank networks to manipulate card balances, take control of ATMs or directly transfer funds, known as payment process compromise, represent one of the serious emerging threats in this area.

Julian King, EU Commissioner for the security union, said: “This report shows online crime is the new frontier of law enforcement. We’ve all seen the impact of events like WannaCry: whether attacks are carried out for financial or political reasons, we need to improve our resilience and ensure cybercrime does not pay - last week the EU set out a package of concrete cybersecurity measures.”

Dimitris Avramopoulos, EU Commissioner for Migration, Home Affairs and Citizenship, added: "Cross-border Cyber threats today threaten not only our citizens and our economies, but also our democracies themselves. Cybercrime has become increasingly instrumental in geopolitics and conflicts. With a new EU cyber strategy, and a stronger role for European agencies, including ENISA and Europol, we will be better equipped to increase cybersecurity collectively, in Europe and beyond."

Despite the growing threats and challenges for law enforcement, last year did see some tremendous operational successes, for example the takedown of two of the largest Darknet markets, AlphaBay and Hansa, the dismantling of the Avalanche network, and two successful Global Airport Action Days targeting those travelling on fraudulently-purchased airline tickets.

The IOCTA seeks to make recommendations for law enforcement, policy makers and regulators to allow them to act and plan accordingly, and respond to cybercrime in an effective and concerted manner.

Law enforcement must continue to focus on the actors developing and providing the cybercrime attack tools and services responsible for ransomware, banking Trojans and other malware, and suppliers of DDoS attack tools, counter-anti-virus services and botnets.

The international law enforcement community must continue to build trusted relationships with public and private partners, CERT communities, etc., so that it is adequately prepared to provide a fast and coordinated response in case of a global cyber-attack.

Company employees and the general public need to be educated to recognise and respond accordingly to changing criminal tactics like social engineering and spam botnets. EU Member States should continue to support and expand their engagement with Europol in the development of pan-European prevention and awareness campaigns.

While investigating online child sexual exploitation, EU Member States should ensure sufficient investigative tools and resources to fight this crime. Joint high-quality and multilingual EU-wide prevention and awareness activity needs to be maintained.

Law enforcement needs to develop a globally coordinated strategic overview of the threat presented by the Darknet. Such analysis would allow for future coordination of global action to destabilise and close down criminal marketplaces. It is also essential that investigators responsible for all crime areas represented on Darknet markets have the knowledge, expertise and tools required to effectively investigate and act in this environment.

The growing threat of cybercrime requires dedicated legislation that enables law enforcement presence and action in an online environment. The lack of adapted legislation is leading to a loss of both investigative leads and the ability to effectively prosecute online criminal activity.

All the details are available in the 2017 Internet Organised Crime Threat Assessment (IOCTA): IOCTA 2017 website | IOCTA 2017 PDF version

The IOCTA was presented during the annual Europol-INTERPOL Cybercrime Conference, held in The Hague from 27-29 September.