Internet Organised Crime Threat Assessment

Ransomware groups and cyber criminals in all forms have used the pandemic to their advantage, according to the new edition of Europol’s Internet Organised Crime Threat Assessment (IOCTA). The market for criminal goods and services – personal, marketable information – is booming, according to the report.

Europol’s Executive Director Catherine De Bolle said in a foreword to the document that cybercriminals have continued exploiting opportunities created by lockdowns and continued teleworking. “Ransomware affiliate programs have increased in prominence and are tied to a multitude of high-profile attacks against healthcare institutions and services providers. Mobile malware operators and fraudsters have leveraged the increased reliance on online shopping services and are increasingly using it as a part of their modi operandi to access their victims’ bank accounts.

“Children spending more time online has made them more susceptible to grooming, leading to an increase of self-produced exploitation material. Many of the threats in the cybercrime landscape are exacerbated by the growing crime-as-a-service market on the Dark Web. Malware-as-a-service offerings and the auctioning of people’s stolen data enable the planning of future attacks. Criminals also continue improving their operational security by abusing end-to-end encrypted communication services and cryptocurrencies.”

In more detail, ransomware groups are scanning potential targets’ networks for insecure remote desktop protocol (RDP) connections and keeping an eye on known virtual private network (VPN) vulnerabilities. As mobile banking has become more popular, so have mobile banking trojans become a threat.

Ransomware criminals are focusing more on high-value attacks on large organisations, and their supply chains; while social engineers are shifting their attention towards upper-level management, the report says. Here it points to the well-publicised cyber attacks on software – Microsoft Exchange Server, SolarWinds and Kaseya.

Much of the 2021 report was going on pre-covid; such as ransomware ‘crews’ deploying double-extortion methods by exfiltrating victims’ data; and threatening to publish it. The report…