Cybercrime: 12 Top Tactics and Trends

From Ransomware and DDoS to Malware and SIM Swapping: Europol Describes Latest Threats

Ransomware attacks remain the top cyber-enabled threat seen by law enforcement agencies. But phishing, business email compromises and other types of fraud - many now using a COVID-19 theme - also loom large.

So says the seventh annual Internet Organized Crime Threat Assessment, produced by the European Cybercrime Center, aka EC3, which is part of the EU's law enforcement intelligence agency, Europol.

As Europol Executive Director Catherine De Bolle writes in her introduction to the latest IOCTA, it "provides a unique, law enforcement-focused assessment of emerging challenges and key developments in the area of cybercrime."

What are the top cybercrime trends? Here's a sampling from the report, with threats listed alphabetically:

1. Business Email Compromise

BEC attacks continue to rise, Europol warns. "As criminals are more carefully selecting their targets, they have shown a significant understanding of internal business processes and systems’ vulnerabilities" (see: Business Email Compromise: Battling Advanced Attackers).

2. COVID-19 Themes

Whatever is topical gets tapped by scammers, fraudsters and others to trick potential victims and, of course, nothing this year has loomed larger than COVID-19 (see: Cybercrime Review: Hackers Cash in on COVID-19).

"Criminals tweaked existing forms of cybercrime to fit the pandemic narrative, abused the uncertainty of the situation and the public’s need for reliable information," the report says. But such opportunism is just the latest variation on long-established ploys. "In many cases, COVID-19 caused an amplification of existing problems, exacerbated by a significant increase in the number of people working from home," the report adds.

3. Criminal Cooperation

One major malware concern for law enforcement agencies is the extent to which crime gangs that wield malicious code appear to be collaborating. "Both member states and private sector respondents have noticed an increase in subcontracting and cooperation among threat actors, which has improved their capabilities," the report says. "Similarities in how criminals behind the trio [of] Ryuk ransomware, Trickbot and Emotet malware operate suggests that criminals across different attack approaches could either belong to the same overall structure, or that they are becoming smarter at cooperating with each other." (See: Emotet, Ryuk, TrickBot: 'Loader-Ransomware-Banker Trifecta')

A similar trend has been seen with ransomware gangs increasingly "cooperating over malware, infrastructure and money-laundering activities."

4. Criminals (Still) Love Cryptocurrency

Following the money continues to be a challenge as criminals tap virtual currency. "Cryptocurrencies continue to facilitate payments for various forms of cybercrime, as developments evolve with respect to privacy-oriented crypto coins and services," the IOCTA report states. On the flip side, exchanges and wallets where users legitimately store their cryptocurrency also continue to be top targets for criminals (see: DOJ: 2 Russians Defrauded Cryptocurrency Exchanges).

5. Distributed Denial-of-Service Attacks

While the overall quantity of DDoS attacks has recently declined, some individual attacks have nevertheless caused massive disruptions. "Law enforcement agencies also came across cases where threat actors engaged in small attacks against larger organizations, extorting them for money with the threat of conducting larger attacks," the report says (see: New Zealand Exchange's Massive DDoS Attack: What Went Wrong?).

Another DDoS trend: Targeting smaller organizations that are less likely to have DDoS defenses in place and are thus relatively easy for extortionists to disrupt (see: Ransomware and DDoS Attacks Disrupt More Schools).

6. Modular Malware

In years past, banking Trojans were a favored tool for criminals keen to steal individuals' bank details and drain their accounts. Today, more common is "more advanced, modular malware," which is designed to give attackers a much broader range of capabilities, the report states. But of them all, Emotet is malware public enemy No. 1, based on the damage it continues to cause (see: CISA Warns of Emotet Attacks Against Government Agencies).

7. Non-Cash Fraud

"Card-not-present fraud continues to increase as criminals diversify in terms of target sectors and electronic skimming - e-skimming - modi operandi," the report notes. "Fueled by a wealth of readily available data, as well as a cybercrime-as-a-service community, it has become easier for criminals to carry out highly targeted attacks," as well as to cash out stolen data, including payment card details (see: Police Bust 3 Suspected Magecart Hackers in Indonesia).

8. Online Child Abuse

Unfortunately, the online distribution of child sexual abuse material as well as exploitation has continued to increase. "As in previous years, the amount of online CSAM [child sexual abuse material] detected continues to increase, further exacerbated by the COVID-19 crisis, which has had serious consequences for the investigative capacity of law enforcement authorities," Europol's report states (see: Spies Join UK Online Crime Fight).

"The Philippines remains the main country where live distant child abuse (LDCA) takes place," Europol says, and cases there surged as "already poor families struggled to generate income and children did not go to school." But a large operation in Romania also revealed "significant levels of livestreaming taking place within the country, demonstrating that the EU is not immune to this threat."

9. Ransomware

Simply put, "ransomware remains the most dominant threat as criminals increase pressure by threatening publication of data if victims do not pay," the report notes. The threat is being felt globally. Attacks appear to be getting increasingly targeted and could soon extend to smart cities and devices (see: Want Your Coffee Machine Back? Pay a Ransom).

One challenge, however, is underreporting of such crime by victims. "Considering the scale of damage that ransomware can have, victims also appear to be reluctant to come forward to law enforcement authorities or the public when they have been victimized, and this makes it even more difficult to identify and investigate such cases," says Philipp Amann, head of strategy at Europol's European Cybercrime Center.

What's new about ransomware? Nicole S. van der Meulen, head of policy and development at Europol's European Cybercrime Center, describes trends at an Oct. 5 press conference.

"What criminals have done is, in addition to taking hostage of the data … they've added a twist by saying, if you do not pay," then the data will get leaked, potentially triggering an EU General Data Protection Regulation fine, said Nicole S. van der Meulen, head of policy and development at EC3, at an Oct. 5 press conference.

10. SIM Swapping

This is the first IOCTA report to include subscriber identity module - aka SIM - swapping as one of the major trends. It's included because this tactic has been causing "significant losses" and also attracting much more attention from law enforcement agencies, Europol says.

"As a highly targeted type of social engineering attack, SIM swapping can have potentially devastating consequences for its victims, by allowing criminals to bypass text message-based (SMS) two-factor authentication (2FA) measures gaining full control over their victims’ sensitive accounts," the report states (see: DOJ: Pair Used SIM Swapping Scam to Steal Cryptocurrency).

11. Smishing Attacks

Smishing - sending fraudulent text messages, often to emulate banks - is a fast-rising type of fraud that resembles phishing, but which may not be seen as suspicious by recipients. "As most bank customers receive the advice to be suspicious of emails, customers do not yet have the same level of skepticism towards potentially fraudulent text messages," the report says. "In addition, it is difficult to impossible for banks to protect their customers from smishing attacks, as criminals aim to abuse the Alpha Tag of the SMS thread and Signaling System 7 (SS7) vulnerabilities" (see: Bank Account Hackers Used SS7 to Intercept Security Codes).

12. Social Engineering and Phishing

Social engineering also remains a top threat - especially when it comes to phishing attacks. "Cybercriminals are now employing a more holistic strategy by demonstrating a high level of competency when exploiting tools, systems and vulnerabilities, assuming false identities and working in close cooperation with other cybercriminals," Europol's report states. "However, despite the trend pointing toward a growing sophistication of some criminals, the majority of social engineering and phishing attacks are successful due to inadequate security measures or insufficient awareness of users … as attacks do not have to be necessarily refined to be successful." (See: Trump's COVID-19 Illness Sparks Phishing Campaigns)

Coda to Victims: Please Come Forward

With the release of the latest IOCTA, Europol has again issued a call to victims: Please come forward to help police better understand the full scale of such attacks as well as track targets and tactics.

"Not reporting cases to law enforcement agencies not only means you will never get justice, but it can also hamper any wider police investigations. So, the more victims report a crime, the more data law enforcement can gather, and therefore, the more likely connections between different crimes can be established," says EC3's Amann.

Senior Correspondent Chinmay Rautmare contributed to this report.

About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.
