Corporate security
New reports from Europol and the UK’s National Crime Agency (NCA) shed light on how the battle against cybercrime is being fought
06 September 2023
Law enforcement remains an integral part of the fight against agile and increasingly well-resourced adversaries. Consumers and businesses can – and should – continue to improve their defenses, too, while vendors have an important role to play by researching emerging threats and building protection into products. Indeed, they could also help police monitor, disrupt and eliminate bad actors – and ultimately send the message that cybercrime doesn’t pay.
5 cybercrime trends to watch
Nation states are collaborating with cybercriminals
For years, state-sponsored activity and cybercrime have been distinct areas. The former concerned cyber espionage and/or destructive attacks aimed at pursuing geopolitical and military goals. The latter was short-sightedly focused on making money.
Worryingly, the NCA increasingly sees a convergence between the two. This is evident not only in the fact that some actors use cybercrime techniques to steal money for the state, or in the fact that some governments turn a blind eye to the activities of ransomware and other groups.
“Over the last year we have started to see hostile states start to use organized criminal groups – not always of the same nationality – as proxies,” warns NCA chief Graeme Biggar. “It is a development that we and our colleagues at MI5 and CT [counter-terrorism] police are watching closely.”
This is not the first time that experts, including ourselves and HP among others, have noted a growing link between organized crime and nation states. In fact, just three months ago, ESET researchers wrote about the interesting case of the group nicknamed Asylum Ambuscade, halfway between crime and espionage.
But if the strategy becomes more widespread, it will make attribution of breaches more difficult, while potentially giving criminal groups more sophisticated know-how.
Data theft is fueling a fraud epidemic
In the UK, fraud now accounts for 40% of all crimes, with three-quarters of adults targeted in 2022 by telephone, in person or online, according to the NCA. This stems in part from a continuous stream of compromised data flowing into dark web markets. Europol goes further, arguing that data is the “central asset” of the cybercrime economy, fueling extortion (e.g. ransomware), social engineering (e.g. phishing) and much more.
The data sold on such markets is increasingly not just static information such as card details, but is compiled from multiple data points retrieved from a victim’s device, Europol says. The cybercrime supply chain, from data theft to fraud, can involve many separate actors, from initial access brokers (IABs) and bulletproof hosters, to anti-malware and encryption service providers.
This service-based economy is surprisingly effective. However, the NCA argues that these professional services can also assist law enforcement by “providing a rich target set that, when disrupted, has a disproportionate impact on the criminal ecosystem.”
Often the same victims are targeted multiple times
The way the cybercrime underground works today means that even organizations that have just suffered a breach may not be able to breathe a sigh of relief, thinking that the worst is now behind them. Why? Because IABs sell access to the same organizations to multiple threat actors, and there is usually no exclusivity clause written into the agreements. This means that the same set of compromised corporate credentials could circulate among multiple threat actors, Europol says.
Scammers are also getting better at maximizing the profit made from victims. Investment scammers may contact victims after stealing their money, but this time pretending to be lawyers or policemen. Impersonating these trusted officials, they will offer help to the traumatized victim’s company, for a fee.
Phishing remains surprisingly effective
Phishing has been a major threat vector for many years and continues to be the preferred route to gain access and personal information, as well as to covertly distribute malware. It remains popular and effective because humans remain the weakest link in the security chain, Europol argues. Along with brute-forcing the Remote Desktop Protocol (RDP) and exploiting VPN bugs, phishing emails are the most common way to gain initial access to corporate networks, according to the report.
Unfortunately, there is little sign of attackers switching to other tactics, not while phishing remains so effective. The widespread use of phishing kits helps automate and lower the bar for less technically skilled cybercriminals. Europol also warns that generative AI tools have already been used to make deepfake videos and write more realistic-looking phishing messages.
Criminal behavior is increasingly normalized among young people
Dark web sites have always been a place to trade not only stolen data and hacking tools, but also knowledge. According to Europol, this persists today, with users seeking and receiving advice on how to avoid detection and how to make their attacks more effective. Tutorials, FAQs and how-to manuals offer help with fraud campaigns, money laundering, child sexual exploitation, phishing, malware and more.
Perhaps more worrying is the fact that, according to Europol, clandestine sites and forums, some of which operate on the surface web, are also being used to recruit fresh blood. Young people are particularly exposed: a 2022 report cited by Europol states that 69% of young Europeans have committed at least one form of cybercrime or online harm or risk-taking, including money laundering and digital piracy.
Ultimately, law enforcement is only one piece of the puzzle. We need other sectors of society to play their part in the fight against cybercrime. And we all need to get better at working together, just like the bad guys do.