« 厚生労働省 医療情報システムの安全管理に関するガイドライン第5.1版(案)に関する御意見の募集について | Main | 東証システム障害について  - 「システム障害に係る調査委員会」の設置について »




Europolが2020年版のインターネット組織犯罪脅威評価(INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2020)を公表していますね。この報告書は、サイバー犯罪分野における新たな課題と法執行に関する内容が含まれています。。。ダークウェブの悪用に関する情報が含まれているのはEuropolらしいのかもしれません。。。


● Europol




Executive summary
Key findings

1 Cross-cutting crime facilitators and challenges to criminal investigations

1.1 Introduction
1.2 COVID-19 demonstrates criminal opportunism
1.3 Data compromise
1.4 Cryptocurrencies facilitate payment for all forms of cybercrime
1.5 Challenges with reporting plague ability to create accurate overview of crime
1.6 Law enforcement access to data continues to challenge investigations

2 Cyber-dependent crime

2.1 Introduction
2.2 Ransomware
2.3 Malware
2.4 DDoS

3 Child sexual exploitation online

3.1 Introduction
3.2 The amount of online child sexual abuse material continues to increase
3.3 Criminals increasingly encrypt their communications complicating investigations
3.4 Darkweb offender communities are continuously evolving
3.5 Livestreaming is becoming mainstream
3.6 Commercia-lisation of online CSE is an emerging threat
3.7 Online child sexual abuse to remain significant threat

4 Payment fraud

4.1 Introduction
4.2 Increase in SIM swapping and SMishing
4.3 Business Email Compromise remains a threat and growing area of concern
4.4 Online investment fraud draws in victims all over Europe
4.5 Card-not-present fraud continues to increase as criminals diversify
4.6 Terminal attacks increase as popularity of black-box attacks soars

5 The criminal abuse of the Darkweb

5.1 Introduction
5.2 Marketplace developments
5.3 Administrators and users adapt as they aim to enhance security and resilience
5.4 Infrastructure preferences remain stable, but criminals do use alternatives
5.5 Privacy enhancing wallets emerge as top threat, as privacy enhancing coins gain popularity
5.6 Surface web platforms offer an additional dimension to Darkweb trading
5.7 Steady supply of diverse Darkweb market items


Exective Summary

The threat landscape over the last year described in the IOCTA 2020 contains many familiar main characters. The starring roles in terms of priority threats went to the likes of social engineering, ransomware and other forms of malware. Several interviewees captured the essence of the current state of affairs of the threat landscape by stating: cybercrime is an evolution, not a revolution. As time passes, the cyber-element of cybercrime infiltrates nearly every area of criminal activity. Key elements mentioned in previous editions of the IOCTA that return this year merit more, rather than less, attention. The repetition means the challenge still exists and has, in many cases, increased, underlining the need to further strengthen the resilience and response to well-known threats. The IOCTA 2020 makes clear that the fundamentals of cybercrime are firmly rooted, but that does not mean cybercrime stands still. Its evolution becomes apparent on closer inspection, in the ways seasoned cybercriminals refine their methods and make their artisanship accessible to others through crime as a service.

The COVID-19 crisis illustrated how criminals actively take advantage of society at its most vulnerable. Criminals tweaked existing forms of cybercrime to fit the pandemic narrative, abused the uncertainty of the situation and the public’s need for reliable information. Across the board from social engineering to Distributed Denial of Service (DDoS) attacks and from ransomware to the distribution of child sexual abuse material (CSAM), criminals abused the crisis when the rest of society was trying to contain the situation. The opportunistic behaviour of criminals during the pandemic, however, should not overshadow the overall threat landscape. In many cases, COVID-19 caused an amplification of existing problems exacerbated by a significant increase in the number of people working from home. This is perhaps most noticeable in the area of child sexual abuse and exploitation. As in previous years, the amount of online CSAM detected continues to increase, further exacerbated by the COVID-19 crisis, which has had serious consequences for the investigative capacity of law enforcement authorities. In addition, livestreaming of child sexual abuse increased and became even more popular during the COVID-19 crisis; a recent case shows production also takes place in the EU.

Data compromise once more features as a central aspect throughout a number of threats. Both law enforcement and private sector representatives consistently report on social engineering among the top threats. With regard to social engineering, in particular phishing, cybercriminals are now employing a more holistic strategy by demonstrating a high level of competency when exploiting tools, systems and vulnerabilities, assuming false identities and working in close cooperation with other cybercriminals. However, despite the trend pointing towards a growing sophistication of some criminals, the majority of social engineering and phishing attacks are successful due to inadequate security measures or insufficient awareness of users. In particular, as attacks do not have to be necessarily refined to be successful.

The developments in the area of non-cash payment fraud over the past twelve months reflect the overall increase in sophistication and targeting of social engineering and phishing. Fuelled by a wealth of readily available data, as well as a Cybercrime-as-a-Service (CaaS) community, it has become easier for criminals to carry out highly targeted attacks. As a result, law enforcement and industry continue to identify wellestablished frauds as a major threat.

Subscriber identity module (SIM) swapping is one of the new key trends this year, having caused significant losses and attracted considerable attention from law enforcement. As a highly targeted type of social engineering attack, SIM swapping can have potentially devastating consequences for its victims, by allowing criminals to bypass text message-based (SMS) twofactor authentication (2FA) measures gaining full control over their victims’ sensitive accounts.

Business Email Compromise (BEC) continues to increase. As criminals are more carefully selecting their targets, they have shown a significant understanding of internal business processes and systems’ vulnerabilities. At the same time, certain other forms of fraud have entered the spotlight due to the sheer number of victims they have generated. The spread of online investment fraud all over Europe is not necessarily new but has generated increased law enforcement attention as victims at times lose their life savings to professional organised criminal groups that have incorporated cyber elements into their scams. The clear majority of law enforcement respondents once again named ransomware as a top priority threat. Although this point has been made in past editions of the IOCTA, ransomware remains one of the, if not the, most dominant threats, especially for public and private organisations within as well as outside Europe. Considering the scale of damage that ransomware can inflict, victims also appear to be reluctant to come forward to law enforcement authorities or the public when they have been victimised, which makes it more difficult to identify and investigate such cases. Criminals continued making their ransomware attacks increasingly targeted. Ransomware has shown to pose a significant indirect threat to businesses and organisations, including in critical infrastructure, by targeting supply chains and third-party service providers. Perhaps one of the most crucial developments is the new way of pressuring victims to pay by stealing and subsequently threatening to auction off victims’ sensitive data.

Besides ransomware, European law enforcement reported malware in the broader sense to be widely present in cybercrime cases. Criminals have converted some traditional banking Trojans into more advanced modular malware to cover a broader scope of functionality. These evolved forms of modular malware are a top threat in the EU, especially as their adaptive and expandable nature makes them increasingly more complicated to combat effectively.

With a range of threat actors, this makes drawing general conclusions about particular threats challenging. In areas ranging from social engineering and phishing, to ransomware and other forms of malware, law enforcement authorities witness a broad spectrum of threat actors. These actors vary in terms of level of skill, capability and adaptability. The top tier criminals manage to run their operations like a professional enterprise, whereas less sophisticated threat actors tend to rely on off-the-shelf materials to conduct their criminal activities. The availability of the materials through CaaS, however, continues to make such activities accessible. Moreover, across the board threat actors in different types of cybercrime demonstrate their resilience. Perhaps more importantly, in areas such as the Darkweb, criminals have enhanced their cooperation and joined forces to provide a response to shared challenges. This means they are able to make their business more robust and in particular incorporate better security solutions to ensure that law enforcement are unable to trace them. Overall, cybercriminals are showing an improved level of operational security and proving to be highly aware of how to hide their identities and criminal activities from law enforcement or private sector companies. With cryptocurrencies, criminals also manage to complicate law enforcement’s ability to trace payments connected to criminal activities.

To respond to the cybercrime challenges in a more effective manner, a number of key ingredients are essential. First, information sharing is at the heart of any strategic, tactical and operational response regardless of the specific type of cybercrime. Sharing information, which needs to be purposedriven and actionable, requires reliable coordination and cooperation from public and private partners. At the same time, information sharing requires a legal framework and attitude that is sensitive to the timely exchange of information, which is crucial as cybercriminals can move their infrastructure within the blink of an eye. This is particularly evident in the criminal abuse of the Darkweb, where short lifecycles of marketplaces influences law enforcement’s ability to conduct investigations. There is also the need to foster a culture of acceptance and transparency when organisations or individuals fall victim to cybercrime. Re-victimising victims after a cyber-attack is counterproductive and a significant challenge, as law enforcement need companies and individuals who have been subject of a crime to come forward. This can help resolve the challenges in reporting we currently face. Besides information sharing through enhanced coordination and cooperation, other key elements to include in an effective response are prevention and awareness and capacity building. We can reduce the success rate of many forms of cybercrime by educating individuals and organisations in recognising criminal activity before they fall victim to it. It is worth underlining the importance of the responsibility of industry in integrating security and privacy in their design as fundamental principles, instead of shaming end users as the weakest link. Through capacity building, on the other hand, law enforcement across different crime areas will be able to understand and respond to the cyber-element of crimes. Finally, taskforce work such as coordinating and de-conflicting law enforcement operational response, for which the Europol Joint Cybercrime Action Taskforce (J-CAT) platform is vital, continues to play a key role in the current cybercrime landscape.




« 厚生労働省 医療情報システムの安全管理に関するガイドライン第5.1版(案)に関する御意見の募集について | Main | 東証システム障害について  - 「システム障害に係る調査委員会」の設置について »


Post a comment

(Not displayed with comment.)

Comments are moderated, and will not appear on this weblog until the author has approved them.

« 厚生労働省 医療情報システムの安全管理に関するガイドライン第5.1版(案)に関する御意見の募集について | Main | 東証システム障害について  - 「システム障害に係る調査委員会」の設置について »