Cyber threat complex and growing

Europe’s police force has warned the threat of cyber-attack is rapidly increasing as criminals and state actors look to profit from business vulnerabilities.

Europol has issued the latest Internet Organised Crime Threat Assessment (IOCTA) is a strategic analysis report that provides an assessment of the latest online threats and the impact of cybercrime within the EU.

It said the threat was rapidly in the rise.

“Cybercrime, in its various forms, represents an increasing threat to the EU,” it said. “Cyber-attacks, online child sexual exploitation, and online frauds, are highly complex crimes and manifest in diverse typologies. Offenders continue showing high levels of adaptability to new technologies and societal developments, while constantly enhancing cooperation and specialisation.

“Cybercrimes have a broad reach and inflict severe harm on individuals, public and private organisations, and the EU’s economy and security.”

It added the year 2022 shifted the world’s attention from the COVID-19 pandemic to Russia’s invasion of Ukraine, which among other things put the political divides of the cybercriminal underground under a magnifying glass. Law enforcement action, hacktivism and fallout within criminal groups revealed known truths, confirmed speculations and provided insights about the inner workings of business structures – as well as the threat actors governing them.

“The instability in the region has resulted in the displacement of some cybercriminals active in the area, creating opportunities for law enforcement to arrest high-ranking threat actors previously outside their reach,” Europol added. “The carry-over effects of the geopolitical situation could be seen by the barrage of disruptive cyber-attacks against not only Ukrainian and Russian targets, but also worldwide, especially in the EU.

“The boost in these malicious activities targeting EU Member States is mostly due to a significant number of Distributed Denial of Service (DDoS) attacks affecting national and regional public institutions. These attacks were often politically motivated and coordinated by pro-Russian hacker groups in response to declarations or actions in support to Ukraine.

“The invasion of Ukraine also showed once again cybercriminals’ adaptability and opportunism. Online fraudsters responded swiftly to the circumstances and exploited the crisis by developing a variety of narratives related to it.

“They targeted victims across the EU under the guise of supporting Ukraine or Ukrainians. Fake webpages were created to solicit money, using URLs that included misleading key words. Emails pretending to raise funds for the humanitarian effort were sent from fraudulent addresses. In some cases, fraudsters impersonated celebrities that led or supported real campaigns or spoofed the humanitarian organisations’ domains, inviting victims to donate in cryptocurrencies.”

Europol added that combating the threat was complex.

“Cyber-attacks are challenging to investigate as they consist of multiple steps from initial intrusion, via lateral movement and privilege escalation, to data exfiltration and exploitation, with multiple actors working on parts of the criminal process, and an important crime-as-a-service dimension,” it added. “Cybercrime services are widely available and have a well-established online presence, with a high level of specialisation inside criminal networks and collaboration between illicit providers.

“The services offered to perpetrate cybercrime are often intertwined and their efficacy is to a degree co-dependant. The illicit service providers cater to a large number of criminal actors by offering monitoring, delivery and obfuscation services.

“Such services are often offered for sale or advertised on dark web forums and marketplaces. For example, initial access brokers (IABs) and dropper-services cater to a variety of cybercriminals and are pivotal for ransomware attacks and online fraud schemes.”