Europol’s IOCTA 2023 Report Reveals Cybercriminals are Increasingly Interdependent

The Europol report also reported on cybercriminals’ use of cryptocurrencies and how their techniques are more sophisticated. However, there was good cybersecurity news, too.
Europol, the European Union’s agency for law enforcement cooperation, released its yearly Internet Organised Crime Threat Assessment report, which provides key findings and emerging cybersecurity threats that impact governments, businesses and individuals in Europe; however, these threats can affect people worldwide. The main themes of the report are that cybercriminals are increasingly codependent; that the fundamentals of cybercrime, technically speaking, remain the same; and that there is a constant use of cryptocurrencies and an increased use of mixers.
According to Europol, the landscape of cybercrime has evolved into a complex web of interdependence among cybercriminals.
As computer security and defense evolve, cybercrime does, too. Different types of computer knowledge are needed for running fraud on the internet. For instance, depending on the fraud, a cybercriminal might need malware that isn’t detected by antivirus and security solutions, a secure internet connection that can’t be traced back to them, initial access to companies’ networks or mailboxes, efficient social engineering content, fraudulent content hosting and more.
All of those needs require deep knowledge in different fields, which is a reason why a number of cybercriminals have decided to sell their knowledge as a service to other cybercriminals.
Initial access brokers (IABs) sell the compromised accesses they collect to other cybercriminals, who use them for online fraud schemes. IABs are also “pivotal for ransomware attacks,” wrote Europol, as they sell initial access to ransomware groups, who then use it to penetrate corporate systems and move inside the network before executing the ransomware.
Crypter developers hide malicious payloads and malware so they’re more difficult for security solutions to detect.
Counter AntiVirus services are very popular amongst cybercriminals. Malware developers and crypter services regularly use CAV services to scan their binaries against several antivirus solutions. This allows them to identify which parts of their code are flagged as malicious by antivirus engines.
Virtual private network services are offered by cybercriminals to help users avoid identification. Several VPN solutions are available in the cybercriminal underground market, offering anonymity by encrypting traffic end to end and by not cooperating with requests for information from law enforcement entities.
Bulletproof hosting is central to a lot of cybercrimes and is used by many criminals. Europol stated that those hosting services “… do not engage in extensive customer monitoring practices such as Know-Your-Customer procedures and storing of customer and metadata facilitating criminal activities.” Bulletproof hosting services don’t provide customer information to law enforcement except for an automated confirmation of an email address. Finally, hosting matters can be difficult, as it’s generally a complex international business where servers are often in multiple regions worldwide.
Andy Zollo, regional vice president for EMEA at cybersecurity company Imperva, talked with TechRepublic.
“The fact that so many cybercriminals are now operating co-dependent services is further evidence of how complex the cybercrime industry has become, and demonstrates the need for organisations to have cohesive security strategies in place that can protect applications, APIs, and their sensitive data. However, the flip side is that the growing co-dependency among cybercriminals means that if businesses are able to disrupt any part of the cybercrime supply chain, it can make a significant difference to their overall security posture. Even one solution or initiative, if well-targeted, can be enough to help break the cycle.”
All types of cybercriminals use the same methods of reaching their goals at some point. The most used technique is phishing; it is generally the starting point of financial fraud or cyberespionage operations.
From a technical point of view, the modus operandi doesn’t change, but the way to achieve it gets more sophisticated and increases in volume. European Union regulatory developments have made fraud with compromised credit card information more difficult, which has pushed cybercriminals to target users more than digital systems.
Remote Desktop Protocol brute-forcing and VPN vulnerability exploitation are the most common intrusion tactics used by cybercriminals, according to Europol. Phishing kits have also become increasingly available for cybercriminals, regardless of their level of organization and technical expertise.
When possible, cybercriminals use cryptocurrencies. Ransomware groups all request cryptocurrencies, paid directly to dedicated crypto wallets. Payments between cybercriminals for different services are also always made in cryptocurrencies.
Cybercriminals generally deploy several layers of obfuscation techniques before finally cashing out their illegal profits. Cryptocurrency mixers, services that blend the cryptocurrencies of many users together, are often used to obfuscate the origins and owners of the funds. These mixers make it difficult for investigators to trace the money trails effectively.
Another commonly employed method is cryptocurrency swappers, which allow for instant trading from one cryptocurrency to another, further complicating the process of identifying the origin of the funds. In addition, changes of country and decentralized exchanges are used for obfuscation. These cryptocurrency obfuscation techniques require highly skilled investigators to follow the money trails and conduct successful investigations.
Europol shows a complex cryptocurrency case where mixers, cryptocurrency switches and splits are heavily used (Figure A).
Figure A
In the Decentralised Finance hack depicted in Figure A, the cryptocurrency, Binance Coin, is stolen and sent to Ren Project, a protocol that allows movement of values across blockchains. Then, it’s converted to Bitcoin before going into a mixer that splits the money in two, going back to Ren Project. It’s converted to BNB on one side and converted to Ethereum on the other side. The Ethereum amount goes through the Tornado Cash mixer before being reconverted to Ethereum.
The time when a cybercriminal was running all of their fraud alone is coming to an end; cybercriminals want to be efficient, so they buy the services of more skilled peers rather than do it themselves. This is good news for the fight against cybercrime because arresting cybercriminals on one aspect of cybercrime generally affects others and stops a lot more fraud.
For example, Europol reported several successful international operations leading to arrests. One instance was the VPNLab takedown in 2022. Many users of VPNLab used the service to connect to domains of companies being compromised by a ransomware group. This takedown demonstrated how bringing down one service could help further investigations.
Another example is Operation Elaborate in 2022, which took down a full service that provided Automated Interactive Voice Response, interception of one-time passwords and live monitoring of calls, leading to the arrest of 142 suspects.
Disclosure: I work for Trend Micro, but the views expressed in this article are mine.