Cybercriminals around the globe are becoming increasingly proficient and aggressive, according to a new report from EuroPol, the law enforcement agency of the European Union.
Drawing on research from organizations through the year, the 2015 Internet Organised Crime Threat Assessment “highlights the increasing professionalisation of cybercriminals in terms of how attacks are planned and orchestrated using both new methods and techniques in addition to employing well-known attack vectors, and with an increased risk appetite and willingness to confront victims.”
Three of the largest areas of criminal activity include child sexual exploitation, cyberattacks and payment fraud.
“Cybercrime remains a growth industry,” the report adds. “The crime-as-a-service business model, which grants easy access to criminal products and services, enables a broad base of unskilled, entry-level cybercriminals to launch attacks of a scale and scope disproportionate to their technical capability and asymmetric in terms of risks, costs and profits.”
As a result of the potential for profit, EuroPol said, cybercriminals are becoming more aggressive. In the past, “contact would typically be of a passive, persuasive nature … cybercriminals were content to stealthily steal what they wanted with confrontation actively avoided.
“Today, however, cybercrime is becoming increasingly hostile. Instead of subterfuge and covertness, there is a growing trend of aggression in many cyber-attacks, and in particular the use of extortion.”
Some of the most popular methods for engaging in cybercrime include social engineering, phishing — which accounted for two-thirds of recent cyberespionage incidents — and a host of malware variants.
The authors point out fraud as an example of the evolving sophistication of social engineering schemes. “The modus operandi for such frauds involves an attacker impersonating the CEO or CFO of the company,” they wrote. “The attacker will contact an employee targeted for their access and request an urgent transaction into a bank account under the attacker’s control.”
Perpetrators are also using a variety of mediums to pursue victims. “There is continuing growth in the use of applications which allow [voice over Internet] or text messaging, particularly those available on mobile phones such as Skype, Viber or WhatsApp. In cases relating to online child abuse, Skype is noted as a common communication method in addition to web-based chat rooms.”
On the bright side, as cybercrime becomes a more targeted activity and channels of communication have proliferated, the volume of spam e-mails has gone down. “The overall volume of spam has continued to decline over the last few years, dropping to 28 billion spam messages per day in 2014. In June 2015, the overall spam rate fell below 50 percent; the lowest rate since September 2003,” the authors said.
EuroPol also noted that the virtual world is evolving at a pace beyond the ability of law enforcement to adequately monitor. The authors suggest that mitigating crime requires a long-term investment in infrastructure and consumers who are capable of protecting themselves.
“The fight against cybercrime must encompass more than catching criminals,” the authors conclude. “Investment in prevention and protection initiatives is also essential and can guard against many facets of cybercrime at once. Every well-educated and informed child, consumer or organisation is one less easy prey.”
“There will never be an end to criminality … a more prudent response is surely to build a solid defensive foundation.”
