Europol Report Shows 2016 Cybercrime Trends

The new Internet Organized Crime Threat Assessment released by European Law Enforcement Agency Europol has highlighted the biggest 2016 cybercrime trends. The report also confirms that online threats and cyberattacks have increased during the past 12 months.

The increase in cybercrime has been attributed in part to the rise in hackers offering malware, ransomware, DDoS attacks and other malicious activities as a service. Now, more individuals are able to conduct online criminal campaigns as it no longer requires a high skill level.

The report indicates that the level of cybercriminal activity has increased so much that online crime has now exceeded conventional criminal activity in many countries. It is far easier to defraud individuals and companies online than it is using more traditional methods.

While criminals are coming up with ever more elaborate and sophisticated ways to commit fraud, there has been a resurgence in the use of malware and ransomware. Phishing attacks have also increased substantially in recent months. Phishing emails used to be fairly easy to identify, but now the campaigns are becoming highly sophisticated and extremely convincing in some cases.

Rather than using generic phishing emails to try to fool a few personal email users, criminals are increasingly hand-picking their targets. Senior executives and CEOs are now being targeted much more frequently. If access can be gained to the email account of a CEO, it is a relatively easy process to convince an account executive to email sensitive data or even make a bank transfer to the attacker’s account.

While sophisticated attacks are being conducted, in the majority of cases, successful attacks are the result of negligence and carelessness by employees. Organizations that practice poor digital hygiene and those that fail provide employees with cyber awareness are more likely to be attacked.

Main 2016 Cybercrime Trends

According to the Europol Internet Organized Crime Threat Assessment, the main 2016 cybercrime trends are:

Ransomware

Ransomware has become one of the main concerns for European law enforcement agencies. While efforts have been made to provide free decryptors via “No More Ransom” many ransomware variants have not been cracked. The main threats have come from Cryptowall, CTB-Locker, and Locky.

Information Stealing Malware

Information stealers are being used to obtain a wide range of sensitive data, although most commonly cybercriminals use these malware to obtain banking credentials and credit cards. The main threats have been Dridex, Citadel, Zeus, and Dyre.

Credit Card Present Fraud

Credit card present fraud has declined thanks to the use of chip and pin cards and geoblocking; however, cybercriminals are now migrating cash-out operations to other countries.

Cyrytocurrency

The use of cryptocurrency such as Bitcoin has made it possible to extort victims with little risk of being caught. Unsurprisingly the use of such currencies has increased for criminal transactions.

Crime-as-a-Service

More malicious actors are now offering their malware and ransomware as a service, with the latter now being offered under an affiliate model. The services have proved popular due to the anonymity that they afford. The price for these services has also fallen.

DDoS Attacks

DDoS attacks are becoming more prevalent. Attacks are being conducted on public and private organizations and competitor organizations. Attacks of 100Gbps were uncommon in 2014, but in 2015 attacks in excess of 300Gbps were conducted more frequently. Attacks exceeding 600Gbps have been reported in 2016 and DDoS as-a-service is growing.

Encryption and Anonymizers

Cybercriminals are now communicating using IP anonymizers and encrypted channels, allowing criminal activities to stay hidden. The use of encryption is hampering law enforcement efforts to identify malicious actors and bring individuals to justice.

Social engineering scams

The use of phishing attacks, CEO fraud, and advance fee fraud continues to increase. While there was not a great deal of invention in this area, there was a considerable amount of repetition in 2015. EU member states have also reported criminals are conducting campaigns of increasing quality.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news