Europol just released its annual IOCTA (Internet Organised Crime Threat Assessment) report. According to the Europol research, the agency sees ransomware as the most prominent threat to the cyber space.
“Cryptoware (encrypting ransomware) has become the most prominent malware threat, overshadowing data-stealing malware and banking Trojans,” the report says. “With cryptoware becoming a key threat for citizens and enterprises alike, law enforcement and the internet security industry have responded rapidly and in concert, with prevention and awareness campaigns and technical support, and operations targeting the criminal groups and infrastructure involved.”
Europol says ransomware “continues to be the dominant concern for EU law enforcement.” The variants of the malware have multiplied, and each version has unique properties. However, most of these ransomware variants use the same encryption technologies, such as Tor or l2P for communication and similar business models. Ransom is almost exclusively paid in bitcoins. Ransomware attacks target both individuals, businesses, institutions, healthcare or even the government.
According to the law enforcement agency, Crime-as-a-Service (CaaS) is the dominating business model among cybercriminals. CaaS provides the tools and services to the customers on the dark web.
“The mature Crime-as-a-Service model underpinning cybercrime continues to provide tools and services across the entire spectrum of cyber criminality, from entry-level to top-tier players, and any other seekers, including parties with other motivations such as terrorists,” the report goes by. “The boundaries between cybercriminals, Advanced Persistent Threat (APT) style actors and other groups continue to blur. While the extent to which extremist groups currently use cyber techniques to conduct attacks appears to be limited, the availability of cybercrime tools and services, and illicit commodities such as firearms on the dark net, provide ample opportunities for this situation to change.”
While ransomware provides hackers with easy money, information stealer malware (including banking trojans) can help cybercriminals acquire valuable data. Despite the value of the data, it requires effort to monetize information stealers. This type of malware can steal any data with potential value, but cybercriminals mostly use it to harvest banking and credit card details.
“The malware landscape – with regards to information stealers – remains largely unchanged from the previous year. While information stealing malware is no less prevalent or relentless than in previous years, the perceived lower threat level by law enforcement perhaps reﬂects that, along with support from private industry, law enforcement is now better equipped and better prepared to both investigate and mitigate this threat,” the IOCTA report states.
Another serious concern for the Europol – and to all law enforcement agencies – is online child exploitation. According to the report, there are two types of pedophiles: the financially driven with economic motivation and content driven for sexual purposes. Child exploiters mostly use social media platforms and forums to reach their potential victims, but dark net child porn forums are growing in popularity too.
“While peer-to-peer (P2P) networks continue to represent a popular platform for the exchange of child sexual exploitation material (CSEM), a growing number of dark net forums facilitating the exchange of CSEM, coupled with the ease of access to these networks, is leading to an increase in the volume of material being exchanged on the dark net,” the report goes by.
Recently, Steven W. Chase, the administrator of the PlayPen child porn website, was found guilty of running the website. The case links to the FBI’s infamous Operation Pacifier where the Bureau hacked over 1,300 computers and identified many users of the dark net site.
Money laundering has been also a big issue for the Europol. On September 9, they joined forces with the Interpol and the Basel Institute to fight bitcoin and finance-related crimes.