Europol Warning: 15 Ways To Become A Cybercrime Victim

Uploaded on 2018-09-24 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

From ransomware through to crypto-currency scams, Europol says it wants to stop criminals from making you a victim.
 
Europol has warned of 15 ways in which people can fall prey to cyber criminals as it launched a report on the dangers of the web. The report, the fifth annual Internet Organised Crime Threat Assessment (IOCTA), was presented at the Interpol cybercrime conference in Singapore last week. 
 
Europol described the report as offering "a unique law enforcement view of the emerging threats and key developments in the field of cyber-crime over the last year".
 
It added that the assessment "describes anticipated future threats" and "only has one goal in mind - to stop cybercriminals from making you their next victim."
 
1  .  Ransomware
Ransomware - malicious software that encrypts your computer and demands a ransom to make the files accessible - has become a standard attack tool for cyber criminals.
Europol is warning that criminals are moving from random ransomware attacks, such as the WannaCry attack which hit the NHS, to specifically targeting companies and individuals who might be able to pay larger ransoms.
How to protect yourself?
  • Keep your computer updated
  • Use a reputable anti-virus program
2  .  Mobile malware
Europol warns that malware for mobile phones is likely to grow as people shift from online to mobile banking.
How to protect yourself?
  • Check apps are legitimate before installing them
  • Use a reputable mobile anti-virus program
3  .   Stealthy malware
Europol warns that cyber-attacks have become increasingly stealthy and harder to detect.
Attacks using so-called "fileless" malware are increasingly common. This malware doesn't write itself onto the victim computer's hard-drive, but only exists in parts of the computer memory, such as the RAM.
How to protect yourself?
  • Keep your computer software updated.
  • Be wary of using macros in office programs.
4  .  Extortion
The EU's new General Data Protection Regulation (GDPR) introduces severe financial sanctions, up to 4% of global turnover, for companies that fail to protect users' privacy.
GDPR requires that data breaches are reported within 72 hours, and Europol warns that criminals may try to extort organisations because of this.
"While this is not new, it is possible that hacked companies will prefer to pay a smaller ransom to a hacker for non-disclosure than the steep fine that might be imposed by the authorities."
How to protect yourself?
  • Never pay extortion attempts without contacting the authorities first
5  .  Data for data's sake
Europol warns that the motive behind a lot of network intrusions is the illegal acquisition of data.
This data could be used for a variety of purposes, from developing leads for phishing or payment fraud, through to commercial or industrial espionage.
How to protect yourself?
  • Keep your computer updated
  • Use a reputable anti-virus program
6  .    DDoS
Distributed Denial of Service (DDoS) attacks are very unsophisticated and involve sending so many requests to a network resource that it is overloaded and can't respond to any of them. There are tools widely available allowing unskilled individuals to launch these attacks, and there are limited ways to protect against them because of the way the Internet is engineered.
Fortunately, DDoS attacks can't steal data or cause any damage beyond making a website or Internet resource unavailable.
 
7  .   Social engineering
Social engineering describes a form of attack in which someone exploits human traits, such as kindness or compassion, as part of a cyber-attack. The famous Nigerian prince scams are a form of social engineering fraud.
Europol warns that West African fraudsters are likely to have a more significant role within the EU in the future, as Africa continues to have the fastest growing internet usage globally.
How to protect yourself?
  • Always remember that if it seems too good to be true, it probably is.
8   .   Crypto-Criminality
There are a range of cryptocurrency crimes taking place, according to Europol, and cyber-attacks which historically targeted financial instruments are now targeting cryptocurrency users and businesses. 
Crypto-mining has been exploited by financially motivated cyber criminals, who for instance hack legitimate websites to crypto-jack users visiting those sites - hijacking their CPU power to mine more of the currency.
How to protect yourself?
  • Use a legitimate browser plug-in to avoid running java-script on unfamiliar web pages.
 
9  .  Privacy-oriented Crypto-Currencies
Europol states that it expects "a more pronounced shift towards more privacy-oriented currencies" and said "an increase in extortion demands and ransomware in these currencies will exemplify this shift".
How to protect yourself?
  • Report all extortion attempts to the authorities
  • Keep your software updated to avoid ransomware
10  .   Volume of child abuse material
The volume of child sexual abuse is growing to levels "that were unimaginable ten years ago" according to Europol, "partly because of the growing number of young children with access to internet-enabled devices and social media".
How to react? 
  • Seeing images and videos of child sexual abuse can be upsetting, but the right thing to do is report it to the Internet Watch Foundation here. Your report could lead to the rescue of a young victim from further abuse.
11.  Self-generated material
A large amount of child sexual exploitation material is self-generated. These images are often initially produced and shared voluntarily by young people, but end up in the hands of online child sex offenders. Offenders have also obtained images through sexual extortion.
How to protect yourself and others?
  • Educate children about the risks of sharing nude images online and encourage them to report any harassment or extortion attempts to a responsible adult.
12  .   The "Darknet"
Europol says that offenders are continuously seeking new ways to avoid detection from law enforcement, including by using anonymisation and encryption tools - and in some cases even the Bitcoin blockchain.
Almost all of this material is available on the open internet, but very extreme material can be found on hidden services that can only be accessed on the "Darknet" according to Europol.
How will they catch these criminals?
 
  • The widespread use of encryption on the web today has repeatedly been described as an issue for law enforcement, security, and intelligence agencies.
  • According to a report by Parliament's Security and Intelligence Committee, in 2016 GCHQ was engaged in a major ongoing project called FOXTROT, which was designed "to increase GCHQ's ability to operate in an environment of ubiquitous encryption".
13  . Live streaming
Live streaming of child sexual abuse is a very difficult crime to investigate. Europol states: "It often leaves few forensic traces and the live streamed material does not need to be downloaded or locally stored."
It has been on the rise for some years as video streaming technology has improved.
This form of abuse "will most likely move to other parts of the world, where legislation and law enforcement are not always able to keep up with the rapid developments in this area," warns Europol.
How to tackle it?
  • Internet businesses currently use the Child Abuse Image Database, which contains 30 million cryptographic hashes (digital fingerprints that can be used to identify files) to automatically detect when someone attempts to upload a known indecent image to their platforms.
However, this form of filtering is unable to capture new indecent images that haven't been reported before - nor can it address child abuse material which is being streamed. Sajid Javid, the home secretary, has pledged £250,000 towards the development of technologies which can detect live-streamed abuse.
 
14  .  Skimming
Credit card skimming is still successful as magnetic stripes on cards continue to be used. The presence of cameras alongside chip and pin skimmers can also allow criminals to capture the PIN alongside their attempts to clone the chip.
How to protect yourself?
  • Check instant payments on your banking app to be aware of fraud attempts
  • Make sure you cover your PIN when at an ATM
15  .  Telecommunications fraud
Fraudsters on the phone is an old but growing trend in fraud involving non-cash payments. Fraudsters can pretend to be from financial institutions or banks when attempting to collect details from you.
How to protect yourself?
  • Never hand out financial information, including card details, over the phone
  • Always double-check that someone claiming to be a representative from your bank is a real person, and call them back on a publicly listed number
Europol's executive director Catherine De Bolle said: "Cyber-Crime cases are increasingly complex and sophisticated. 
 
"Law enforcement requires additional training, investigative and forensic resources in order to adequately deal with these challenges. 
"The policing opportunities arising from emerging technologies, such as big data analytics and machine learning, need to be seized. 
"Europol will continue its efforts to enhance co-operation with international law enforcement and government agencies, tech companies, academia and other relevant stakeholders. Only if we do this, can cyber-crime be combated effectively."
 
The European commissioner for the security union, Sir Julian King, concluded: "As the report shows, Europe is still faced with a range of security threats from terrorism and cyber.
 
"We will continue to take decisive action, with the support of Europol, to tackle these threats, through our proposals on terrorist content online, electronic evidence and on election security, and through our cyber security strategy."
 
Europol:       Sky
 
You Might Also Read: 
 
Cyber Criminals Are Outspending Business:
 
 
 
 
« Former MI5 Chief Wants Retaliatory Attacks On Russia
British Government Is Planning Internet Regulation »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ThreatConnect

ThreatConnect

ThreatConnect is an enterprise threat intelligence platform by Cyber Squared bridging incident response, defense, and threat analysis for InfoSec & DFIR teams.

National Cyber Directorate Israel

National Cyber Directorate Israel

The Israeli National Cyber Directorate provides incident handling services for civilian entities and critical infrastructures and works to increase national resilience against cyber threats.

Rewertz

Rewertz

Rewterz is a cyber security company based out of Dubai, serving customers in UAE, Oman, Qatar, Bahrain, Saudi Arabia, and Pakistan.

Destel

Destel

Destel is a system integrator and provider of IT services focused on Advanced Network & Security Solutions.

IPQualityScore (IPQS)

IPQualityScore (IPQS)

IPQS anti-fraud tools provide a real-time fraud score to analyze how likely a user or visitor is to engage in fraudulent behavior.

Xperien

Xperien

Xperien is a leading South African Information Technology Asset Disposition (ITAD) company.

Symantec

Symantec

Symantec delivers data-centric hybrid security for the largest, most complex organizations in the world – on devices, in private data centers, and in the cloud.

Argo Group

Argo Group

Argo is an international underwriter of specialty insurance. Argo Cyber offers a full spectrum of coverage solutions related to professional and technology services.

Netizen

Netizen

Netizen is an award-winning company that develops and leverages innovative solutions to enable a more secure cyberspace for clients in government and commercial markets.

SecureAge Technology

SecureAge Technology

We’re a rapidly growing cybersecurity company with an 18-year history of ZERO Data breaches. Our security solutions place security and usability on equal footing. Learn more about our technology.

Consistec Engineering & Consulting

Consistec Engineering & Consulting

Consistec Engineering & Consulting GmbH is an information technology and services company offering solutions for monitoring the security of IT and OT infrastructure.

AgileBlue (Agile1)

AgileBlue (Agile1)

AgileBlue (formerly Agile1) is a managed breach detection company with an Autonomous SOC-as-a-Service for 24×7 monitoring, detection and guided response.

Tetrate.io

Tetrate.io

Tetrate Service Bridge provides enterprises with a consistent, unified way to connect and secure services across an entire mesh-managed environment.

Maxxsure

Maxxsure

Maxxsure provides a platform for executive management, leveraging proprietary technology that identifies, measures, and scores a company’s cyber risks.

OneLayer

OneLayer

OneLayer provide enterprise grade security dedicated for private LTE/5G networks. We ensure that the best IoT security toolkit is implemented in your cellular environment.

CoreStack

CoreStack

CoreStack helps enterprises overcome cloud challenges such as ever growing security risks, stringent regulatory compliance needs and operational complexities.

Material Security

Material Security

Material is solving one of the most fundamental problems in security: protecting the data sitting in mailboxes.