Europol report shines light on cybercriminal underworld

Print Friendly, PDF & Email

Europol has published a sobering annual Internet Organized Crime Threat Assessment (IOCTA) 2020 report that in addition to surfacing some new wrinkles in the types of cybersecurity attacks being launched also describes in detail the degree to which cybercriminals have been exploiting the COVID-19 pandemic for their own gain.

Based on a series of semi-structured interviews with officials from Europol member states and several third-party countries as well as partner countries and cybersecurity experts from the European Cybercrime Centre (EC3), the report finds cybercriminals have become especially adept at tweaking many existing forms of cybercrime to take advantage of uncertainty and the public’s need for reliable information.

The pandemic also amplified known cybersecurity issues because so many more people are working from home using insecure systems and networks, the report notes.

However, there are a few new tactics being employed that Europol calls out, including:

  • Cybercriminals are now employing a more holistic approach to launching phishing attacks by assuming false identities and working in close cooperation with other cybercriminals. The scale of these attacks has also increased as cybercriminals make use of a wider range of cybercrime as-a-service platforms.
  • Ransomware attacks are not only more targeted, cybercriminals also now threaten to auction sensitive data on the dark web or simply destroy it altogether. Cybercriminals have also converted some traditional banking Trojans into more advanced polymorphic malware. The Emotet banking Trojan has been used by cybercriminals to deliver other malicious malware payloads such as Ryuk ransomware and Trickbot. The developers behind Trickbot added a ‘Trickbooster botnet’ to the malware to increase propagation.
  • Business email compromise (BEC) continues to increase as criminals have begun to acquire a deeper understanding of internal business processes and system vulnerabilities. Criminals are compromising bank accounts, identifying the ideal time to strike, managing email conversations via man-in-the-middle attacks, or even using artificial intelligence (AI) to mimic the voice of a CEO. They have also become better at mastering local languages and contexts in addition to setting up complex criminal networks to launder proceeds.
  • Payment cards are being compromised via e-skimming attacks, also known as digital skimming, through which cybercriminals inject malicious JavaScript code into the checkout page of an online merchant, which enables them to capture personal data and credit card credentials. The most common type of e-skimming activity employs Magecart malware, however, new variants such as Pipka are starting to become more common.
  • Cybercriminals are capturing entire digital identities from compromised machines. Purchases are made from a compromised computer that allows a cybercriminal to pretend to be a returning customer by using the same browser settings and card credentials.
  • SIM swapping has emerged as a new type of account takeover. Criminals find ways to swap or port a victim's SIM card in their smartphone to capture the one-time password used for authentication.

The report also notes DarkWeb administrators are working more closely together by sharing code and security methodologies, such as eliminating registration requirements by having no user names or digital wallets, requiring multiple signatures on Bitcoin and Monero transactions, and enacting no JavaScript policies. Instead of transaction fees, the market receives a monthly commission. Users of DarkWeb services have also opted for more secure communication channels such as Sonar, Elude58, Discord, Wickr, and Telegram.

Put it all together, and it becomes clear cybercriminals are continually evolving their techniques. Europol is once again calling for more cooperation, coordination, and information sharing to combat these threats, as well as greater awareness and, controversially, expansion of legal frameworks to make it simpler for law enforcement agencies to decrypt communications. It’s unclear to what degree any progress might be made on any of those issues anytime soon. In the meantime, however, it’s apparent the bad guys are becoming that much more cunning with each passing day.

Scroll to top