crime priority: cyber-dependent crime
Cyber-dependent crime can be defined as any crime that can only be committed using computers, computer networks or other forms of information communication technology (ICT). In essence, without the internet these crimes could not be committed. It includes such activity as the creation and spread of malware, hacking to steal sensitive personal or industry data, and denial of service attacks to cause financial and/or reputational damage.
KEY FINDINGS
- Ransomware continues be one of the most prominent malware threats in terms of the variety and range of its victims and the damage done.
- A decline in the exploit kit market has pushed malware developers to rely on other infection methods, including spam botnets and social engineering.
- While sophisticated cyber-attacks against European critical infrastructures are a real threat, attacks using commonly available cybercrime tools appear to be much more likely, and easier to achieve.
- Following the success of the Mirai malware and its subsequent availability, we will see an increasing number of large-scale Distributed Denial of Service (DDoS) attacks originating from a variety of insecure Internet of Things (IoT) devices.
- Inadequate IT security for internet-facing entities will continue to result in sensitive data being unlawfully accessed, exfiltrated and disclosed every year, with major breaches expected frequently.
KEY RECOMMENDATIONS
- Law enforcement must continue to focus on the actors developing and providing cybercrime attack tools and services such as ransomware, banking Trojans and other malware, DDoS attack tools, counter-anti-virus services and botnets.
- Law enforcement and the private sector must continue to work together on threat analysis and prevention initiatives such as the No More Ransom project, to raise awareness and provide advice and free decryption tools to victims of ransomware.
- The international law enforcement community must continue to build trusted relationships with Computer Security Incident Response Team (CSIRT/CERT) communities, and public and private partners, including the improved exchange of relevant information, so that it is adequately prepared to provide a fast and coordinated response in the case of a global cyber-attack affecting critical infrastructures.
- In light of the recent turmoil in the exploit kit ecosystem, malware developers are increasingly relying on social engineering, spam botnets, and other infection methods. Hence, law enforcement response strategies and prevention and awareness campaigns must adapt to these changes. Educating employees and the public to recognise and respond accordingly to social engineering attempts would prevent many cyber-dependent attacks.
