The accelerated digitalization related to the COVID-19 pandemic has significantly influenced the development of a number of cyber threats, according to the new edition of Europol’s Internet Organized Crime Threat Assessment. Criminals have been quick to abuse the current circumstances to increase profits, spreading their tentacles to various areas and exposing vulnerabilities, connected to systems, hospitals or individuals.
While ransomware groups have taken advantage of widespread teleworking, scammers have abused COVID-19 fears and the fruitless search for cures online to defraud victims or gain access to their bank accounts. The increase of online shopping in general has attracted more fraudsters. With children spending a lot more time online, especially during lockdowns, grooming and dissemination of self-produced explicit material have increased significantly. Gray infrastructure, including services offering end-to-end encryption, VPNs and cryptocurrencies continue to be abused for the facilitation and proliferation of a large range of criminal activities. This has resulted in significant challenges for the investigation of criminal activities and the protection of victims of crime.
In addition to expanding the efforts to tackle these threats from a law enforcement perspective, Europol says it is crucial to add another level of protection in terms of cybersecurity. The implementation of measures such as multi-factor authentication and vulnerability management are of utmost importance to decrease the possible exposure to cyber threats. Awareness raising and prevention are key components in reducing the effectiveness of cyberattacks and other cyber enabled criminal activities.
The report notes several key threats:
- Ransomware affiliate programs enable a larger group of criminals to attack big corporations and public institutions by threatening them with multi-layered extortion methods such as DDoS attacks.
- Mobile malware evolves with criminals trying to circumvent additional security measures such as two-factor authentication.
- Online shopping has led to a steep increase in online fraud.
- Explicit self-generated material is an increasing concern and is also distributed for profit.
- Criminals continue to abuse legitimate services such as VPNs, encrypted communication services and cryptocurrencies.
Europol’s Internet Organized Crime Threat Assessment looks into the development of these trends, fueled by the expanded digitalization of recent years. The report was presented during the Europol-INTERPOL Cybercrime Conference, which gathered about 100 experts together to share their insights into the latest cybercrime trends and threats and to discuss how innovation is essential in countering cybercrime acceleration.
Delegates heard how, to keep pace with technological developments, law enforcement must have the right skillsets to tackle digital crime at the national, regional and international levels, as well as targeted and tailored capacity building focusing on policing innovation.
Discussions illustrated how societal and technological advances can enable police to tackle cybercrime with innovative solutions, such as the decryption of evidence lawfully obtained through criminal investigations and the role of laboratories in law enforcement innovation.
Europol says ransomware groups have used the pandemic to their advantage to launch more sophisticated and targeted attacks. While mass distributed ransomware seems to be in decline, cybercrime groups and their affiliates opt for well-orchestrated manual attacks against large corporations and government institutions. Always driven by opportunities for larger profits, in the past criminals have targeted companies which have both the financial capability to pay large ransoms and the need to rapidly resume operations in case of a successful cyberattack, which affects their main activities. The attacks on Kaseya and SolarWinds show how criminals have realized the potential in attacking digital supply chains, often going for the ‘weakest link’. However, many of the most infamous groups have reduced the attacks on governments and social services in an attempt to limit the attention of law enforcement on them. DDoS attacks have re-emerged and are targeting service providers, financial institutions and businesses. Claiming to be part of two well-known threat groups, they have asked for significant ransoms. The pandemic has also facilitated the breakthrough of other threats, which were already making significant attempts to penetrate cyberspace. Mobile malware and specifically banking Trojans have also been equipped with capabilities to intercept text messages on Android devices, compromising the two-factor authentication security protocols.
The report adds that child abusers have exploited the increased, unsupervised presence of children online during the pandemic in order to increase their grooming activities. The acceleration of production and dissemination of child sexual exploitation material is also fueled by the proliferation of encrypted messaging applications and social media platforms. Online gaming and communication, the reduction of real-life social activities and the normalization of sexual behavior online are circumstances that are abused by predators to target a larger number of victims. These factors create conditions for the victimization of children online during a longer period. A key threat is the production of self-generated material, an alarming trend, which younger children are also exposed to. Lured by offenders using fake identities on gaming platforms and social media, more and more young children are falling into the trap of producing and sharing explicit material. Recording without the knowledge of the victims and the further dissemination of live-streamed sexual material is another alarming threat, referred to as ‘capping’. Peer-to-peer networks remain a key channel for the exchange of child abuse material, along with the Dark Web.