Education of potential victims remains the most effective defense against social engineering, the European Union’s law enforcement agency Europol says, and cybersecurity executives must strengthen industry-wide cooperation as well as with governments and the rest of the private sector.

Other sources of threats among cyber-dependent crimes are ransomware and Distributed Denial of Service Attacks, according to the Internet Organized Crime Threat Assessment produced by the European Union Agency for Law Enforcement Cooperation.

“Illegal acquisition of data following data breaches is a prominent threat,” said Catherine de Bolle, Europol executive director. “Criminals often use the obtained data to facilitate further criminal activity.”

According to the IOCTA, which drew from law enforcement statistics of EU member-nations, personal data – which can be used for account hijacking or identity theft and subsequent bank fraud – is most commonly compromised, followed by payment and medical data.

Europol defines cyber-dependent crimes as those that can only be committed using computers, computer networks or other forms of information communication technology. These include the creation and spread of malware, hacking to steal sensitive personal or industry data and denial of service attacks to cause financial and/or reputational damage.

“Social engineering threats were overwhelmingly prominent in reporting from our contributors in the financial sector,” Europol said. Phishing remains as the prime example of social engineering, which continues to grow in significance as criminals use it to “obtain personal data, hijack accounts, steal identities, initiate illegitimate payments, or convince the victim to proceed with any other activity against their self-interest, such as transferring money or sharing personal data.”

Spam and phishing are most commonly used to obtain an initial foothold on a victim’s device.

The Anti-Phishing Working Group has noted an increase in the use of HTTPS encryption protocol by phishing sites, from 5% of sites in 2016 to nearly one third of sites in 2017.

Europol makes a distinction between a site’s SSL certification and legitimacy or safety. The familiar green padlock (or word ‘Secure’ in the case of Google Chrome), means only that a valid SSL certificate has been obtained for the site and not that the website is either legitimate or even safe. “Attackers exploit the potential confusion this creates to legitimize their phishing sites in the eyes of prospective victims,” the report said.

Aside from business email compromise, advance fee fraud and romance scams still feature prominently in law enforcement reporting. “They often use multiple platforms and still result in significant financial and emotional damage to their victims,” said Europol.

Sixty-five percent of member states confirmed cases of CEO fraud, which occurs when high-ranking individuals in an organization are impersonated.

Other threats

The Europol report said that over one third of organizations faced DDoS attacks in 2017 compared to just 17% in 2016. DDoS attacks are used as a tool against private business and the public sector for financial, ideological, political or purely malicious reasons.

“It is becoming more accessible, low-cost and low-risk,” according to the report.

Other industry reports suggest that DDoS attacks account for approximately 70% of all incidents compromising network integrity.

Several states highlight the availability of booter and stresser services as a major contributing factor to the increasing number of cases and the ease by which an unskilled individual can launch a significant DDoS attacks; a simple online search reveals a considerable number of such services openly advertised for their DDoS capability.

Meanwhile, some estimates place the global loss to ransomware in excess of US$5 million last year. The report also said ransomware will become less random and more targeted as criminals become
more adept and the tools more sophisticated yet easier to obtain. “Fewer attacks [will be] directed toward citizens and more toward small businesses and larger targets where greater potential profits lie,” according to Europol.

The report recalled the WannaCry and NotPetya attacks of 2017 which affected some 350,000 victims in over 150 countries.

“Within the EU, the attacks affected a wide range of key industries and critical infrastructures including health services, telecommunications, transport and manufacturing industries. Later in the year, the Bad Rabbit ransomware hit over 200 victims in Russia and Eastern Europe, again affecting critical infrastructures such as healthcare, transport and financial sectors.”

Cryptomining attacks are more appealing to cybercriminals wishing to keep a low profile, requiring little or no victim engagement and, at least currently, minimal law enforcement attention.

Affected organizations

In its report the Europol said external malicious actors carried out 73% of breaches, but 28% also involved internal actors. Organized crime groups carried out 50% of breaches, whereas industry reporting attributes 12% of the breaches to state-sponsored actors. Cutting across these actor attributions, industry reporting indicates that 76% of all attacks are financially motivated

“Healthcare organizations are now the most targeted sector, accounting for 24% of breaches, taking over from financial organizations which were top victims in 2016. Accommodation and food services and public sector organizations also account for a significant proportion of victims; 58% of victims can be categorized as small businesses.”