Key Takeaways from Europol's Internet Organized Crime Threat Assessment 2021

December 3, 2021 - Europol released the 2021 IOCTA report, which provides a law enforcement-focused assessment of evolving threats and key developments in the area of cybercrime.

Key findings highlighted from the report were:

  1. Ransomware: Ransomware attacks are focusing on supply chains, targeting large corporations and public institutions. Leveraging crime-as-a-service, these attacks are able to scale and use multiple extortion methods. Mobile malware has scaled and become effective by using overlay attacks and targeting multi-factor authentication, such as SMS and authenticator devices.

  2. Child sexual exploitation material: There has been a steep increase in online grooming activities on social media and online gaming platforms. Overall activity related to child sexual abuse material (CSAM) distribution on P2P networks has increased considerably. The Dark Web remains an important platform for the exchange of CSAM.

  3. Online fraud: Phishing and social engineering remain the main vectors for payment fraud, increasing in both volume and sophistication. Investment fraud is thriving as citizens incur devastating losses, but business email compromise (BEC) and CEO fraud also remain key threats.

  4. Dark Web: Dark Web users are increasingly using Wickr and Telegram as communication channels or to bypass market fees. Dark Web users are increasingly adopting anonymous cryptocurrencies, such as Monero, and swapping services. Grey infrastructure is increasingly helping Dark Web users thrive.

IOCTA recommends several actions for consideration:

  1. Remove certain legal obstacles for investigators - Relax legal requirements for law enforcement agencies (LEAs) to access closed groups. Extend data retention requirements for CSPs and ease the sharing of data with LEAs.

  2. More officers, tools and training needed - More technically skilled officers and tools are required to address the increased sophistication of the criminals. Data analysis tools, such as for cryptocurrency tracing and decryption, are of increasing importance in investigating many types of cybercrime, but are often expensive.

  3. Broader cooperative focus - Secondary targets should also be targeted for their roles in supporting criminal transactions and activities. Examples include bulletproof hosters, criminal VPNs, illicit cryptocurrency exchangers, and money laundering platforms.

  4. Integrate law enforcement in the cybersecurity ecosystem - Involve LEAs in the response to cyber attacks. Timing is essential to the successful outcome of the investigation.

  5. Streamline information sharing and enhance awareness campaigns - Reducing friction in the mechanisms for timely and complete exchange and sharing of information between LEAs and private entities can lead to reduced success for cybercriminals.