Europol publishes report on malware-based cyber attacks

Europol has published a spotlight report “Cyber Attacks: The Apex of Crime-as-a-Service”, which sheds light on malware and DDoS attacks and unveils ransomware groups’ business structures as observed by Europol’s operational analysts. The report, which follows Europol’s Internet Organised Crime Assessment (IOCTA) 2023, also outlines the types of criminal structures that are behind cyber-attacks, and how these increasingly professionalised groups are exploiting changes in geopolitics as part of their modi operandi.

This report is the first in a series of Spotlight Reports released by Europol as part of the IOCTA 2023.  Each takes a closer look at emerging trends in a specific area of cybercrime.  Other modules within the IOCTA 2023 look at online fraud and child sexual exploitation.

Key findings of the Report

  • Malware-based cyber attacks remain the most prominent threat to industry;
  • Ransomware affiliate programs have become established as the main form of business organisation for ransomware groups;
  • Phishing emails containing malware, Remote Desktop Protocol (RDP) brute forcing and Virtual Private Network (VPN) vulnerability exploitation are the most common intrusion tactics;
  • The Russian war of aggression against Ukraine led to a significant boost in Distributed Denial of Service (DDoS) attacks against EU targets;
  • Initial Access Brokers (IABs), droppers-as-a-service and crypter developers are key enablers utilised in the execution of cyber-attacks;
  • The war of aggression against Ukraine and Russia’s internal politics have uprooted cybercriminals, pushing them to move to other jurisdictions.

Europol’s response to Cybercrime

Europol provides dedicated support for cybercrime investigations in the EU and thus helps protect European citizens, businesses and governments from online crime.  Europol offers operational, strategic, analytical and forensic support to Member States’ investigations, including malware analysis, cryptocurrency-tracing training for investigators, and tool development projects.  Based in Europol’s European Cybercrime Centre (EC3), the Analysis Project Cyborg focuses on the threat of cyber-attacks and supports international investigations and operations into cyber criminality affecting critical computer and network infrastructures in the EU.

EAST response to Cybercrime

EAST focusses on tackling cybercrime through two of its Expert Groups – the EAST Expert Group on Payment and Transaction Fraud (EPTF) and the EAST Expert Group on All Terminal Fraud (EGAF).

Cybercrime – the Europol perspective

Cybercrime has become a big business, with an entire illicit economy set up to support it with service providers, recruiters and financial services. Europol has just published the first module of its 9th Internet Organised Crime Threat Assessment (IOCTA), which takes an in-depth look into the online criminal ecosystem, examining notable actors, their attack vectors and victims.

The increasing scale of cybercrime makes investigating cyber-attacks ever more challenging for law enforcement, with multiple specialised actors working on parts of the criminal process from every corner of the globe.

Europol’s IOCTA aims at providing an understanding of modern cybercrime to equip law enforcement with the knowledge to fight back. This report and accompanying modules are based on operational information contributed to Europol’s European Cybercrime Centre (EC3), combined with expert insights and open source intelligence.

Focus of the report

  • Cybercriminal services are intertwined
  • Similar techniques for different goals
  • The central commodity is stolen data
  • Same victims, multiple offences
  • The underground communities to educate and recruit cybercriminals
  • What happens with the criminal profits?
  • Europol’s support

The current summary presents the main overarching findings concerning the different typologies of cybercrime, namely cyber-attacks, online fraud schemes and online child sexual exploitation.  It will be followed by a series of spotlight publications covering each of the crime areas in-depth.

Europol publishes Italian language version of ATM Logical Attack Guidelines

Europol’s European Cybercrime Centre (EC3) has just published an Italian language version of guidelines to help industry and law enforcement counter the ATM Logical Attack threat. The English version of the updated document was officially launched at the 1st EAST Global Congress, which took place on Thursday 16th June 2022 at Europol’s HQ in The Hague. The document is now available in English and Italian. Work on versions in other languages is in progress.

The production of this document was coordinated by EAST EGAF.  It has three sections:

  1. Description of Modi Operandi (Descrizione dei Modi Operandi)
  2. Mitigating the risk of ATM Logical Attacks, Setting up Lines of Defence (Mitigazione del Rischio di Attacchi Logici Agli ATM, Creazione di Linee di Difesa)
  3. Identifying and responding to Logical Attacks (Identificazione e Risposta agli Attacchi Logici)

This latest version has many updates including improved advice on lines of defence and countermeasures, and a direct link (QR code) to the countermeasures published by EAST.

The original ATM Logical Attack Guidelines were published in 2015, with a first update in 2018. They have been acknowledged as being of great value by both the industry and law enforcement, and the low success rate of ATM logical attacks in Europe can no doubt be attributed to the fact that this guidance has been widely followed.

Circulation of the document is restricted to Law Enforcement and to the banking and payments industry, which includes EAST Members (National, Global, and Associate).

Europol helps to dismantle Payment Card Fraud network

A successful operation that took down an international payment card fraud network was carried out by the Public Prosecution Office at the Audiencia Nacional and National Police of Spain, and the General Directorate Combating Organized Crime in Bulgaria, with the support of Eurojust and Europol’s European Cybercrime Centre (EC3).

As a result of the cross-border action, 31 suspects were arrested (21 in Spain, 9 in Bulgaria and one in the Czech Republic) and 48 house searches (14 in Spain and 34 in Bulgaria) were carried out. The suspects were in possession of equipment used to forge payment cards, payment card data readers-recorders, skimmers, micro cameras, devices to manipulate ATMs, as well as cash and numerous counterfeit cards.

Between 2014 and 2017, the criminal network installed skimming devices on an average of 400 ATMs every year, to copy and clone the data contained on the bank cards. The forged cards were then used to make illegal transactions in 200 ATMs outside the European Union, mainly in the USA, the Dominican Republic, Malaysia, Indonesia, Vietnam, Peru, the Philippines and Costa Rica. Approximately 3,000 EU citizens were affected by the criminal network, with losses of at least EUR 500,000.

For more information visit Europol’s website.