Europol Warning: 15 Ways To Become A Cybercrime Victim

Uploaded on 2018-09-24 in NEWS-News Analysis, GOVERNMENT-Law Enforcement, FREE TO VIEW

From ransomware through to crypto-currency scams, Europol says it wants to stop criminals from making you a victim.
 
Europol has warned of 15 ways in which people can fall prey to cyber criminals as it launched a report on the dangers of the web. The report, the fifth annual Internet Organised Crime Threat Assessment (IOCTA), was presented at the Interpol cybercrime conference in Singapore last week. 
 
Europol described the report as offering "a unique law enforcement view of the emerging threats and key developments in the field of cyber-crime over the last year".
 
It added that the assessment "describes anticipated future threats" and "only has one goal in mind - to stop cybercriminals from making you their next victim."
 
1  .  Ransomware
Ransomware - malicious software that encrypts your computer and demands a ransom to make the files accessible - has become a standard attack tool for cyber criminals.
Europol is warning that criminals are moving from random ransomware attacks, such as the WannaCry attack which hit the NHS, to specifically targeting companies and individuals who might be able to pay larger ransoms.
How to protect yourself?
  • Keep your computer updated
  • Use a reputable anti-virus program
2  .  Mobile malware
Europol warns that malware for mobile phones is likely to grow as people shift from online to mobile banking.
How to protect yourself?
  • Check apps are legitimate before installing them
  • Use a reputable mobile anti-virus program
3  .   Stealthy malware
Europol warns that cyber-attacks have become increasingly stealthy and harder to detect.
Attacks using so-called "fileless" malware are increasingly common. This malware doesn't write itself onto the victim computer's hard-drive, but only exists in parts of the computer memory, such as the RAM.
How to protect yourself?
  • Keep your computer software updated.
  • Be wary of using macros in office programs.
4  .  Extortion
The EU's new General Data Protection Regulation (GDPR) introduces severe financial sanctions, up to 4% of global turnover, for companies that fail to protect users' privacy.
GDPR requires that data breaches are reported within 72 hours, and Europol warns that criminals may try to extort organisations because of this.
"While this is not new, it is possible that hacked companies will prefer to pay a smaller ransom to a hacker for non-disclosure than the steep fine that might be imposed by the authorities."
How to protect yourself?
  • Never pay extortion attempts without contacting the authorities first
5  .  Data for data's sake
Europol warns that the motive behind a lot of network intrusions is the illegal acquisition of data.
This data could be used for a variety of purposes, from developing leads for phishing or payment fraud, through to commercial or industrial espionage.
How to protect yourself?
  • Keep your computer updated
  • Use a reputable anti-virus program
6  .    DDoS
Distributed Denial of Service (DDoS) attacks are very unsophisticated and involve sending so many requests to a network resource that it is overloaded and can't respond to any of them. There are tools widely available allowing unskilled individuals to launch these attacks, and there are limited ways to protect against them because of the way the Internet is engineered.
Fortunately, DDoS attacks can't steal data or cause any damage beyond making a website or Internet resource unavailable.
 
7  .   Social engineering
Social engineering describes a form of attack in which someone exploits human traits, such as kindness or compassion, as part of a cyber-attack. The famous Nigerian prince scams are a form of social engineering fraud.
Europol warns that West African fraudsters are likely to have a more significant role within the EU in the future, as Africa continues to have the fastest growing internet usage globally.
How to protect yourself?
  • Always remember that if it seems too good to be true, it probably is.
8   .   Crypto-Criminality
There are a range of cryptocurrency crimes taking place, according to Europol, and cyber-attacks which historically targeted financial instruments are now targeting cryptocurrency users and businesses. 
Crypto-mining has been exploited by financially motivated cyber criminals, who for instance hack legitimate websites to crypto-jack users visiting those sites - hijacking their CPU power to mine more of the currency.
How to protect yourself?
  • Use a legitimate browser plug-in to avoid running java-script on unfamiliar web pages.
 
9  .  Privacy-oriented Crypto-Currencies
Europol states that it expects "a more pronounced shift towards more privacy-oriented currencies" and said "an increase in extortion demands and ransomware in these currencies will exemplify this shift".
How to protect yourself?
  • Report all extortion attempts to the authorities
  • Keep your software updated to avoid ransomware
10  .   Volume of child abuse material
The volume of child sexual abuse is growing to levels "that were unimaginable ten years ago" according to Europol, "partly because of the growing number of young children with access to internet-enabled devices and social media".
How to react? 
  • Seeing images and videos of child sexual abuse can be upsetting, but the right thing to do is report it to the Internet Watch Foundation here. Your report could lead to the rescue of a young victim from further abuse.
11.  Self-generated material
A large amount of child sexual exploitation material is self-generated. These images are often initially produced and shared voluntarily by young people, but end up in the hands of online child sex offenders. Offenders have also obtained images through sexual extortion.
How to protect yourself and others?
  • Educate children about the risks of sharing nude images online and encourage them to report any harassment or extortion attempts to a responsible adult.
12  .   The "Darknet"
Europol says that offenders are continuously seeking new ways to avoid detection from law enforcement, including by using anonymisation and encryption tools - and in some cases even the Bitcoin blockchain.
Almost all of this material is available on the open internet, but very extreme material can be found on hidden services that can only be accessed on the "Darknet" according to Europol.
How will they catch these criminals?
 
  • The widespread use of encryption on the web today has repeatedly been described as an issue for law enforcement, security, and intelligence agencies.
  • According to a report by Parliament's Security and Intelligence Committee, in 2016 GCHQ was engaged in a major ongoing project called FOXTROT, which was designed "to increase GCHQ's ability to operate in an environment of ubiquitous encryption".
13  . Live streaming
Live streaming of child sexual abuse is a very difficult crime to investigate. Europol states: "It often leaves few forensic traces and the live streamed material does not need to be downloaded or locally stored."
It has been on the rise for some years as video streaming technology has improved.
This form of abuse "will most likely move to other parts of the world, where legislation and law enforcement are not always able to keep up with the rapid developments in this area," warns Europol.
How to tackle it?
  • Internet businesses currently use the Child Abuse Image Database, which contains 30 million cryptographic hashes (digital fingerprints that can be used to identify files) to automatically detect when someone attempts to upload a known indecent image to their platforms.
However, this form of filtering is unable to capture new indecent images that haven't been reported before - nor can it address child abuse material which is being streamed. Sajid Javid, the home secretary, has pledged £250,000 towards the development of technologies which can detect live-streamed abuse.
 
14  .  Skimming
Credit card skimming is still successful as magnetic stripes on cards continue to be used. The presence of cameras alongside chip and pin skimmers can also allow criminals to capture the PIN alongside their attempts to clone the chip.
How to protect yourself?
  • Check instant payments on your banking app to be aware of fraud attempts
  • Make sure you cover your PIN when at an ATM
15  .  Telecommunications fraud
Fraudsters on the phone is an old but growing trend in fraud involving non-cash payments. Fraudsters can pretend to be from financial institutions or banks when attempting to collect details from you.
How to protect yourself?
  • Never hand out financial information, including card details, over the phone
  • Always double-check that someone claiming to be a representative from your bank is a real person, and call them back on a publicly listed number
Europol's executive director Catherine De Bolle said: "Cyber-Crime cases are increasingly complex and sophisticated. 
 
"Law enforcement requires additional training, investigative and forensic resources in order to adequately deal with these challenges. 
"The policing opportunities arising from emerging technologies, such as big data analytics and machine learning, need to be seized. 
"Europol will continue its efforts to enhance co-operation with international law enforcement and government agencies, tech companies, academia and other relevant stakeholders. Only if we do this, can cyber-crime be combated effectively."
 
The European commissioner for the security union, Sir Julian King, concluded: "As the report shows, Europe is still faced with a range of security threats from terrorism and cyber.
 
"We will continue to take decisive action, with the support of Europol, to tackle these threats, through our proposals on terrorist content online, electronic evidence and on election security, and through our cyber security strategy."
 
Europol:       Sky
 
You Might Also Read: 
 
Cyber Criminals Are Outspending Business:
 
 
 
 
« Former MI5 Chief Wants Retaliatory Attacks On Russia
British Government Is Planning Internet Regulation »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ObserveIT

ObserveIT

ObserveIT helps companies identify & eliminate insider threats. Visually monitor & quickly investigate with our easy-deploy user activity monitoring solution.

CIRT.GY

CIRT.GY

CIRT-GY is the national Computer Incident Response Team for Guyana.

Redicom

Redicom

Redicom is an independent consulting agency focusing on identity management, strong authentication and single-sign-on.

Shape Security

Shape Security

Shape Security provide best-in-class defense against malicious automated cyberattacks on web and mobile applications.

ODSC

ODSC

ODSC is a security systems integrator that provides services and expertise in identity management and access.

CyberQ Group

CyberQ Group

CyberQ is an award winning cyber security consultancy and services provider and an innovator in Artificial Intelligence and Automated Cyber Security.

The Legal 500

The Legal 500

The Legal 500 Hall of Fame highlights, to clients, the law firm partners who are at the pinnacle of the profession. Practice areas covered include Data Protection, Privacy and Cybersecurity.

AppOmni

AppOmni

AppOmni is the only SaaS CSPM solution that gives teams all the tools they need to be successful – from security posture management to monitoring and detection to continuous compliance.

MyDocSafe

MyDocSafe

MyDocSafe is an all-in-one document security and e-sign software.

VIRTIS

VIRTIS

VIRTIS' mission is to provide today's leading organizations peace of mind that their entire digital network perimeter is safe from hackers and data breach.

xMatters

xMatters

xMatters is a digital service availability platform that helps enterprises prevent, manage, and resolve IT incidents before they can become business problems.

nsKnox

nsKnox

nsKnox is a fintech-security company, enabling corporations and banks to prevent fraud and ensure compliance in B2B Payments.

Assure IT

Assure IT

Assure IT is a Singapore company specialising in technology governance, risk and compliance.

ArmorCode

ArmorCode

ArmorCode's intelligent application security platform gives us unified visibility into AppSec postures and automates complex DevSecOps workflows.

National Cybersecurity Alliance

National Cybersecurity Alliance

The National Cybersecurity Alliance is a non-profit organization on a mission to create a more secure, interconnected world.

Trovent Security

Trovent Security

Trovent was founded with a clear goal: to support medium-sized companies in significantly increasing their IT security level.