IOCTA 2016

A key role for the IOCTA is to inform the priority setting for the operational action plans in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT)[17]. In this regard, and considering the information presented in this report, the following priorities are proposed for the forthcoming operational actions for EU law enforcement for 2017.

Cyber attacks

As an overarching, horizontal goal, law enforcement should prioritise actions against the providers of the key criminal services and tools that support other areas of cybercrime. Removal of these highly specialised services will have significant impact on the cybercrime community:

  • Developers, vendors and buyers of payload malware such as ransomware and banking Trojans;
  • Developers, vendors and buyers of enabling/facilitating malware such as exploit kits, droppers and spam;
  • Providers of DDoS attack services (Booters/Stressers);
  • Counter anti-virus services;
  • Botnet takedowns, with particular focus on those deployed to distribute other malware and carry out DDoS attacks.

Payment fraud

  • Execution, enabling and facilitation of card-present fraud:
    • Developers and vendors of ATM/POS malware and skimming devices;
    • Logical and malware attacks designed to obtain cash or sensitive data from ATMs and/or POS (Black Boxing, Jackpotting, Man-in-the-Middle or Skimming 2.0);
    • The compromise of EU citizen card data;
    • Illegal transactions in non-EMV compliant regions (fraud migration outside the EU).
  • Online fraud/Card-not-present fraud:
    • E-commerce fraud with a focus on the transport (airlines), retail and accommodation sectors.
  • The acquisition and trading of compromised financial data and credentials:
    • Data breaches;
    • Take-down of carding sites and prosecution of their operators and users.

Online child sexual exploitation

  • Combating the live streaming of on-demand abuse;
  • Eradication of groups that stimulate active CSEM production, in particular on the Darknet;
  • Victim identification and rescue;
  • Tackling the misuse of legitimate online platforms for CSE related crimes (such as the dissemination of CSEM, grooming and child sexual extortion).

Cross-cutting crime enablers

  • Vendors, buyers and administrators of illegal trading sites on the Darknet;
  • Criminal providers of anonymising and hosting solutions:
    • Bulletproof hosting;
    • Criminal VPN/proxy providers.
  • Money mules and money laundering services;
  • Criminals facilitating the abuse of Bitcoin and other virtual currencies:
    • Criminal exchangers;
    • Criminal mixing services.

Many criminal tools and services cut across several crime areas to some degree; their disruption would therefore have an impact on a broader range of cyber-enabled crime than simply the crime area with which they are primarily associated. Tackling these areas would, however, require greater levels of collaboration between investigators from cyber attacks, payment fraud and online child sexual extortion to efficiently prioritise and coordinate investigations and prevent the need for deconfliction.

The operational objectives suggested above must be considered in parallel with adequate provision for intelligence sharing and analysis. Furthermore, they should be matched by more strategic priorities around training and capacity building and complemented by prevention and awareness initiatives.