Cybercrime continues to grow and evolve, taking new forms and directions. It is also beginning to converge with serious and organised crime, supported by a professional underground economy of skills and services.
“The global impact of huge cyber security events, such as the WannaCry ransomware epidemic, has taken the threat to another level,” said Rob Wainwright, executive director, Europol on the publication of the 2017 Internet Organised Crime Threat Assessment report.
Europol and its partners in law enforcement and industry have been successful in disrupting major criminal syndicates operating online. However, people and companies everywhere must do more to protect themselves with good digital hygiene and everyday security practices.
Ransomware attacks have eclipsed most other global cybercrime threats, affecting victims across the public and private sectors indiscriminately. The severity of attacks, such as WannaCry and Petya/NotPetya, have been on an unprecedented scale.
The first serious attacks by botnets using infected IoT devices occurred last year. The Mirai malware transformed around 150,000 routers and CCTV cameras into a DDoS botnet, which severely disrupted online infrastructure.
The darknet remains a key enabler for all crime, providing access to financial data to commit various types of payment fraud. The availability of crime-as-a-service tools on the darknet appears to be growing faster than more established commodities, such as drugs.
The fraudulent use of compromised card data to make purchases online continues to plague the e-commerce industry. While law enforcement has some overview of the scale of the problem, it is difficult to measure. The ‘dark’ figure for this crime area is assessed to be very high.
The retail sector saw a growing numbers of cases in more than half of European countries. Airline ticket fraud continues to have a high impact and priority, yet the number of cases across Europe appears to be stabilising.
Accommodation is a growing e-commerce payment fraud area, for example hotels booked using compromised cards. Offenders often do not use the accommodation themselves, but instead sell/rent it to third parties, who may be unaware that it has been fraudulently obtained.
“This report shows online crime is the new frontier of law enforcement. Whether attacks are carried out for financial or political reasons, we need to improve our resilience and ensure cybercrime does not pay,” said Julian King, EU Commissioner for the security union.