IOCTA 2020 Published by Europol

Europol has published its Internet Organised Crime Threat Assessment for 2020 (IOCTA 2020).   This highlights the dynamic and evolving threats from cybercrime and provides a unique law enforcement focused assessment of emerging challenges and key developments in the space.  The data collection for the IOCTA 2020 took place during the lockdown implemented as a result of the COVID-19 pandemic.  Indeed, the pandemic prompted significant change and criminal innovation in the area of cybercrime.  Criminals devised both new modi operandi and adapted existing ones to exploit the situation, new attack vectors and new groups of victims.

So much has changed since Europol published last year’s IOCTA. The global  pandemic forced the reimagination of our societies and the reinvention of the way we work and live.  During the lockdown, people turned to the Internet for a sense of normality: shopping, working and learning online at a scale never seen before.  The IOCTA 2020 seeks to map the evolving cybercrime threat landscape and understand how law enforcement responds to it.  Although the COVID-19 crisis has shown how criminals actively take advantage of society at its most vulnerable, this opportunistic behaviour should not overshadow the overall threat landscape. In many cases, COVID-19 has enhanced existing problems, some of which are shown below:

CROSS-CUTTING CRIME

• Social engineering and phishing remain an effective threat to enable other types of cybercrime.  Criminals use innovative methods to increase the volume and sophistication of their attacks, and inexperienced cybercriminals can carry out phishing campaigns more easily through crime as-a-service.  Criminals quickly exploited the pandemic to attack vulnerable people; phishing, online scams and the spread of fake news became an ideal strategy for cybercriminals seeking to sell items they claim will prevent or cure COVID-19.
• Encryption continues to be a clear feature of an increasing number of services and tools.  One of the principal challenges for law enforcement is how to access and gather relevant data for criminal investigations.  The value of being able to access data of criminal communication on an encrypted network is perhaps the most effective illustration of how encrypted data can provide law enforcement with crucial leads beyond the area of cybercrime.

MALWARE REIGNS SUPREME

• Ransomware attacks have become more sophisticated, targeting specific organisations in the public and private sector through victim reconnaissance.  While the COVID-19 pandemic has triggered an increase in cybercrime, ransomware attacks were targeting the healthcare industry long before the crisis. Moreover, criminals have included another layer to their ransomware attacks by threatening to auction off the comprised data, increasing the pressure on the victims to pay the ransom.  Advanced forms of malware are a top threat in the EU: criminals have transformed some traditional banking Trojans into modular malware to cover more PC digital fingerprints, which are later sold for different needs.

PAYMENT FRAUD: SIM SWAPPING A NEW TREND

• SIM swapping, which allows perpetrators to take over accounts, is one of the new trends in IOCTA 2020.  As a type of account takeover, SIM swapping provides criminals access to sensitive user accounts.  Criminals fraudulently swap or port victims’ SIMs to one in the criminals’ possession in order to intercept the one-time password step of the authentication process.

CRIMINAL ABUSE OF THE DARK WEB

• In 2019 and early 2020 there was a high level of volatility on the dark web. The lifecycle of dark web market places has shortened and there is no clear dominant market that has risen over the past year. Tor remains the preferred infrastructure, however criminals have started to use other privacy-focused, decentralised marketplace platforms to sell their illegal goods. Although this is not a new phenomenon, these sorts of platforms have started to increase over the last year. OpenBazaar is noteworthy, as certain threats have emerged on the platform over the past year such as COVID-19-related items during the pandemic.