Highlights from Europol’s 2015 IOCTA report

Europol, the EU law enforcement agency responsible for handling criminal intelligence, has just released its report entitled Internet Organised Crime Threat Assessment (IOCTA) 2015.

Published annually, this report aims to define the current cybercrime threat landscape from a law enforcement perspective, based on contributions of EU member states and Europol expertise.
This is an in-depth, organised and well written report, which includes both strategic analysis of the current landscape and provides recommendations to help address the outlined threats more effectively.
Here are our highlights taken from the 2015 Internet Organised Crime Threat Assessment (IOCTA).
  • Cybercrime is becoming more aggressive and confrontational. Instead of covert behaviour, attacks are increasingly hostile in their attempt to extort sensitive information. Examples include sexual extortion, ransomware, and DDoS attacks. Aggressive attacks like these are increasing the psychological impact of fear and uncertainty for victims, says the report.
  • In order to evade detection, it is now the norm for cybercriminals to employ encryption, anonymisation and anti-forensic tools.
  • The vast majority of cybercrimes takes advantage of vulnerabilities that have been well known for some time. An average 200 days passes between a vulnerability being patched and a malicious outsider breaching the vulnerable system, suggesting that both organisations and citizens need to be more proactive and timely when it comes to patching vulnerabilities. Worryingly, this lack of “digital hygiene” also provides fertile ground for the sale of exploit kits, which can attract non-tech-savvy cybercriminals.
  • In the context of pure cybercrime, ransomeware attacks have grown in terms of scale and impact, representing one of the primary threats vectors encountered by both organisations and citizens, as reported to the authorities.
  • Self-generated indecent material is attributed to the proliferation of mobile devices. While photos and videos of this nature are initially shared with innocent intent, they often find their way to cyber malfeasants who attempt to exploit and extort victims, explains the report.
  • Card-not-present (CNP) fraud is on the rise, with details being stolen through data breaches, social engineering attacks and data-stealing malware. Card present security measures, such as anti-skimming ATM slots, geo-blocking and chip & PIN services, have been widely adopted, making card present fraud a less attractive target for cybercriminals.
  • Banking malware, thanks to the profits it can generate, continues to plague citizens and the financial sector. Coordination between the financial sector and the internet security industry is recommended in the report to combat this growing problem.
  • Despite technology being widely available to combat threats, the human element remains the unpredictable variable and a potential vulnerability. Education is needed to help individuals spot scams before they become victims.
  • Every law enforcement success provides impetus for criminals to innovate to prevent detection and disruption of unauthorised cyber activities.
  • The main investigative challenges for law enforcement are common to all areas of cybercrime: attribution, anonymisation, encryption and jurisdiction.
The report also observes that law enforcement has demonstrated competence in dealing with cybercrime, but it reminds us of the need for continued cooperation and collaboration with international law enforcement and the private industry.
That said, the “speed at which society and crime ‘cyberise’ exceed the speed at which law enforcement can adapt” suggests to me at least that we are in for another rocky year of high-profile breaches, exploitation, DDoSes and ransomware.

B2B media executive with an unusually broad and international range of experience in both the editorial and commercial aspects of publishing, social media and events. I write a range of content types on technical subjects in wholesale finance and IT and have interviewed senior figures from the public and private sector globally for many years.

Related posts

Your thoughts