Europol has published its sobering annual Internet Organized Crime Threat Assessment (IOCTA) 2020 report, which surfaces some new wrinkles in the types of cybersecurity attacks being launched and describes in detail the degree to which cybercriminals have been exploiting the COVID-19 pandemic for their own gain.
Based on a series of semi-structured interviews with officials from Europol member states and several third-party countries as well as partner countries and cybersecurity experts from the European Cybercrime Centre (EC3), the report finds cybercriminals have become especially adept at tweaking many existing forms of cybercrime to take advantage of uncertainty and the public’s need for reliable information.
The pandemic also amplified known cybersecurity issues because so many more people are working from home using insecure systems and networks, the report notes.
However, there are a few new tactics being employed that Europol calls out, including:
- Cybercriminals are now employing a more holistic approach to launching phishing attacks by assuming false identities and working in close cooperation with other cybercriminals. The scale of these attacks has also increased as cybercriminals make use of a wider range of cybercrime-as-a-service platforms.
- Not only are ransomware attacks more targeted, but cybercriminals also now threaten to auction sensitive data on the dark web or simply destroy it altogether. Cybercriminals have also converted some traditional banking Trojans into more advanced polymorphic malware. The Emotet banking Trojan has been used by cybercriminals to deliver other malware payloads such as Ryuk ransomware and Trickbot. The developers behind Trickbot added a ‘Trickbooster botnet’ to the malware to increase propagation.
- Business email compromise (BEC) continues to increase as criminals have begun to acquire a deeper understanding of internal business processes and system vulnerabilities. Criminals are compromising bank accounts, identifying the ideal time to strike, managing email conversations via man-in-the-middle attacks, or even using artificial intelligence (AI) to mimic the voice of a CEO. They have also become better at mastering local languages and contexts in addition to setting up complex criminal networks to launder proceeds.
- Cybercriminals are capturing entire digital identities from compromised machines. Making purchases from a compromised computer allows a cybercriminal to pretend to be a returning customer by using the same browser settings and card credentials.
- SIM swapping has emerged as a new type of account takeover. Criminals find ways to swap or port the SIM card of a victim's smartphone to capture the one-time password used for authentication.
Put it all together, and it becomes clear cybercriminals are continually evolving their techniques. Europol is once again calling for more cooperation, coordination, and information sharing to combat these threats, as well as greater awareness and, controversially, expansion of legal frameworks to make it simpler for law enforcement agencies to decrypt communications. It’s unclear to what degree any progress might be made on any of those issues anytime soon. In the meantime, however, it’s apparent the bad guys are becoming that much more cunning with each passing day.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.