Europol’s annual cyber-crime survey warns that the quality of spearphishing and other "CEO fraud" is continuing to improve and "cybercrime-as-a-service" means an ever larger group of fraudsters can easily commit online attacks.
Many threats remain from last year – banking trojan attacks are still an issue for businesses and individuals although this has now been eclipsed by ransomware which is growing more quickly.
The ease of access to cyber-crime tools means that it now exceeds real world crime in terms of value in many European countries.
The report warns that although there is very limited use of these tools by extremist groups, the fact that they're simple to use, and fairly simple to access via the Dark web, means that could quickly change. It notes that such groups make wide use of social media for propaganda and recruitment there is little evidence of use of cyber-attack capabilities beyond website defacement.
Europol is also seeing the first evidence of organised criminal gangs beginning to exploit contactless cards.
It warns of increasing use of booter/stresser tools to run DDos attacks.
It has also seen a marked improvement in the quality and apparent authenticity of spear-phishing attacks – making them ever harder to separate from genuine communications.
Data remains a key target for cybercrims. But they’re increasingly using it either to encrypt, for ransom, for direct extortion or to further more complex fraud, not just for immediate gain.
Another change this year is an increase in live streamed child sexual abuse.
Europol said: “The use of end-to-end encrypted platforms for sharing media, coupled with the use of largely anonymous payment systems, is facilitating an escalation in the live streaming of child abuse. Offenders target regions where there are high levels of poverty, limited domestic child protection measures and easy access to children.”
Beyond recommending more resources for cyber-crime law enforcement Europol wants more collaboration and intelligence sharing to deal with Darknet investigations and prevent duplication of effort and improve sharing of tools and tactics.
More broadly it calls for a phenomenon-based approach to replace incident response. It notes that successes in combating fraud in the airline industry could be replicated for other industries. Equally operations to target offenders who need to be in a physical location – like car rental – in order to collect the proceeds of cyber-crime.
The full Internet Organised Crime Threat Assessment 2016 is available to download here.