New reports from Europol and the UK’s National Crime Agency (NCA) shed a light on how the battle against cybercrime is being fought
06 Sep 2023
4 min. read
Law enforcement remains an integral part of the fight against agile and increasingly well-resourced adversaries. Consumers and businesses, too, can – and need to – continue to improve their defenses, while vendors have an important part to play by researching emerging threats and building protection into products. Indeed, they may even help police monitor, disrupt and take down the bad guys – and ultimately send the message out that cybercrime doesn’t pay.
5 cybercrime trends to keep an eye on
Nation states are teaming up with cybercriminals
State-sponsored activity and cybercrime were for years quite distinct areas. The former revolved around cyberespionage and/or destructive attacks designed to further geopolitical and military ends. The latter focused myopically on making money.
Worryingly, the NCA is increasingly seeing a convergence between the two. It’s manifest not only in the fact that some actors use cybercrime techniques to steal money for the state. Or in the fact some governments turn a blind eye to the activities of ransomware and other groups.
Over the last year we have begun to see hostile states beginning to use organized crime groups—not always of the same nationality – as proxies,” warns NCA boss Graeme Biggar. “It is a development we and our colleagues in MI5 and CT [counter-terrorism] policing are watching closely.”
It’s not the first time experts, including ourselves and HP among others, have noticed a growing link between organized crime and nation states. Indeed, just three months ago, ESET researchers wrote about the interesting case of the group dubbed Asylum Ambuscade that straddles the line between crime and espionage.
But if the strategy becomes more widespread, it will make attribution of breaches more difficult, while potentially also empowering crime groups with more sophisticated know-how.
Data theft is fueling a fraud epidemic
In the UK, fraud now accounts for 40% of all crime, with three-quarters of adults targeted in 2022 either by phone, in person, or online, according to the NCA. This stems in part from a continuous flood of compromised data flowing onto dark web marketplaces. Europol goes further, claiming data is the “central commodity” of the cybercrime economy, fueling extortion (e.g., ransomware), social engineering (e.g., phishing) and much more.
The data itself sold on such marketplaces is increasingly not only static information like card details, but compiled from multiple datapoints retrieved from a victim’s device, Europol claims. The cybercrime supply chain from data theft to fraud may involve many separate actors, from initial access brokers (IABs) and bulletproof hosters, to vendors of counter-antimalware and crypter services.
This service-based economy is startlingly effective. However, the NCA claims that these professional services can also help law enforcers by “providing a rich target set that, when disrupted, has a disproportionate impact on the criminal ecosystem.”
The same victims are often targeted multiple times
The way the cybercrime underground works today means even organizations that have just been breached may be unable to breath a sigh of relief that the worst is behind them. Why? Because IABs sell multiple threat actors access to the same organizations – there’s usually no exclusivity agreement written into deals. That means the same set of compromised corporate credentials could be circulating among multiple threat actors, says Europol.
Fraudsters are also getting better at maximizing their take from victims. Investment scammers may contact victims after making off with their money, but this time pretending to be lawyers or police. Impersonating these trusted officials, they’ll offer help to the traumatized victim company, for a fee.
Phishing remains startlingly effective
Phishing has been a top threat vector for many years, and continues to be a favored route to obtaining logins and personal information, as well as covertly deploying malware. It remains popular and effective because humans remain the weakest link in the security chain, argues Europol. Alongside remote desktop protocol (RDP) brute forcing and exploitation of VPN bugs, malware-laden phishing emails are the most common way to gain initial access into corporate networks, the report claims.
Unfortunately, there’s little sign of attackers switching to other tactics – not while phishing remains so effective. The widespread use of phishing kits helps to both automate and lower the bar for less technically able cyber-criminals. Europol also warns that generative AI tools are already being deployed to make deepfake videos and write more realistic-looking phishing messages.
Criminal behavior is increasingly normalized among youngsters
Dark web sites have always been a place not only to trade in stolen data and hacking tools but also knowledge. According to Europol, this persists today, with users seeking and receiving recommendations on how to avoid detection and how to make their attacks more effective. Tutorials, FAQs and how-to manuals offer help on fraud campaigns, money laundering, child sexual exploitation, phishing, malware and much more.
Perhaps more concerning is the fact that underground sites and forums – some of which operate on the surface web – are also used to recruit fresh blood, according to Europol. Young people are especially exposed: a 2022 report cited by Europol claims that 69% of European youngsters have committed at least one form of cybercrime or online harm or risk taking, including money laundering and digital piracy.
Ultimately, law enforcement is only one piece of the puzzle. We need other parts of society to do their bit in the fight against cybercrime. And we all need to get better at working together, just as the bad guys do.