Europol Warning: 15 Ways To Become A Cybercrime Victim

Uploaded on 2018-09-24 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

From ransomware through to crypto-currency scams, Europol says it wants to stop criminals from making you a victim.
 
Europol has warned of 15 ways in which people can fall prey to cyber criminals as it launched a report on the dangers of the web. The report, the fifth annual Internet Organised Crime Threat Assessment (IOCTA), was presented at the Interpol cybercrime conference in Singapore last week. 
 
Europol described the report as offering "a unique law enforcement view of the emerging threats and key developments in the field of cyber-crime over the last year".
 
It added that the assessment "describes anticipated future threats" and "only has one goal in mind - to stop cybercriminals from making you their next victim."
 
1  .  Ransomware
Ransomware - malicious software that encrypts your computer and demands a ransom to make the files accessible - has become a standard attack tool for cyber criminals.
Europol is warning that criminals are moving from random ransomware attacks, such as the WannaCry attack which hit the NHS, to specifically targeting companies and individuals who might be able to pay larger ransoms.
How to protect yourself?
  • Keep your computer updated
  • Use a reputable anti-virus program
2  .  Mobile malware
Europol warns that malware for mobile phones is likely to grow as people shift from online to mobile banking.
How to protect yourself?
  • Check apps are legitimate before installing them
  • Use a reputable mobile anti-virus program
3  .   Stealthy malware
Europol warns that cyber-attacks have become increasingly stealthy and harder to detect.
Attacks using so-called "fileless" malware are increasingly common. This malware doesn't write itself onto the victim computer's hard-drive, but only exists in parts of the computer memory, such as the RAM.
How to protect yourself?
  • Keep your computer software updated.
  • Be wary of using macros in office programs.
4  .  Extortion
The EU's new General Data Protection Regulation (GDPR) introduces severe financial sanctions, up to 4% of global turnover, for companies that fail to protect users' privacy.
GDPR requires that data breaches are reported within 72 hours, and Europol warns that criminals may try to extort organisations because of this.
"While this is not new, it is possible that hacked companies will prefer to pay a smaller ransom to a hacker for non-disclosure than the steep fine that might be imposed by the authorities."
How to protect yourself?
  • Never pay extortion attempts without contacting the authorities first
5  .  Data for data's sake
Europol warns that the motive behind a lot of network intrusions is the illegal acquisition of data.
This data could be used for a variety of purposes, from developing leads for phishing or payment fraud, through to commercial or industrial espionage.
How to protect yourself?
  • Keep your computer updated
  • Use a reputable anti-virus program
6  .    DDoS
Distributed Denial of Service (DDoS) attacks are very unsophisticated and involve sending so many requests to a network resource that it is overloaded and can't respond to any of them. There are tools widely available allowing unskilled individuals to launch these attacks, and there are limited ways to protect against them because of the way the Internet is engineered.
Fortunately, DDoS attacks can't steal data or cause any damage beyond making a website or Internet resource unavailable.
 
7  .   Social engineering
Social engineering describes a form of attack in which someone exploits human traits, such as kindness or compassion, as part of a cyber-attack. The famous Nigerian prince scams are a form of social engineering fraud.
Europol warns that West African fraudsters are likely to have a more significant role within the EU in the future, as Africa continues to have the fastest growing internet usage globally.
How to protect yourself?
  • Always remember that if it seems too good to be true, it probably is.
8   .   Crypto-Criminality
There are a range of cryptocurrency crimes taking place, according to Europol, and cyber-attacks which historically targeted financial instruments are now targeting cryptocurrency users and businesses. 
Crypto-mining has been exploited by financially motivated cyber criminals, who for instance hack legitimate websites to crypto-jack users visiting those sites - hijacking their CPU power to mine more of the currency.
How to protect yourself?
  • Use a legitimate browser plug-in to avoid running java-script on unfamiliar web pages.
 
9  .  Privacy-oriented Crypto-Currencies
Europol states that it expects "a more pronounced shift towards more privacy-oriented currencies" and said "an increase in extortion demands and ransomware in these currencies will exemplify this shift".
How to protect yourself?
  • Report all extortion attempts to the authorities
  • Keep your software updated to avoid ransomware
10  .   Volume of child abuse material
The volume of child sexual abuse is growing to levels "that were unimaginable ten years ago" according to Europol, "partly because of the growing number of young children with access to internet-enabled devices and social media".
How to react? 
  • Seeing images and videos of child sexual abuse can be upsetting, but the right thing to do is report it to the Internet Watch Foundation here. Your report could lead to the rescue of a young victim from further abuse.
11.  Self-generated material
A large amount of child sexual exploitation material is self-generated. These images are often initially produced and shared voluntarily by young people, but end up in the hands of online child sex offenders. Offenders have also obtained images through sexual extortion.
How to protect yourself and others?
  • Educate children about the risks of sharing nude images online and encourage them to report any harassment or extortion attempts to a responsible adult.
12  .   The "Darknet"
Europol says that offenders are continuously seeking new ways to avoid detection from law enforcement, including by using anonymisation and encryption tools - and in some cases even the Bitcoin blockchain.
Almost all of this material is available on the open internet, but very extreme material can be found on hidden services that can only be accessed on the "Darknet" according to Europol.
How will they catch these criminals?
 
  • The widespread use of encryption on the web today has repeatedly been described as an issue for law enforcement, security, and intelligence agencies.
  • According to a report by Parliament's Security and Intelligence Committee, in 2016 GCHQ was engaged in a major ongoing project called FOXTROT, which was designed "to increase GCHQ's ability to operate in an environment of ubiquitous encryption".
13  . Live streaming
Live streaming of child sexual abuse is a very difficult crime to investigate. Europol states: "It often leaves few forensic traces and the live streamed material does not need to be downloaded or locally stored."
It has been on the rise for some years as video streaming technology has improved.
This form of abuse "will most likely move to other parts of the world, where legislation and law enforcement are not always able to keep up with the rapid developments in this area," warns Europol.
How to tackle it?
  • Internet businesses currently use the Child Abuse Image Database, which contains 30 million cryptographic hashes (digital fingerprints that can be used to identify files) to automatically detect when someone attempts to upload a known indecent image to their platforms.
However, this form of filtering is unable to capture new indecent images that haven't been reported before - nor can it address child abuse material which is being streamed. Sajid Javid, the home secretary, has pledged £250,000 towards the development of technologies which can detect live-streamed abuse.
 
14  .  Skimming
Credit card skimming is still successful as magnetic stripes on cards continue to be used. The presence of cameras alongside chip and pin skimmers can also allow criminals to capture the PIN alongside their attempts to clone the chip.
How to protect yourself?
  • Check instant payments on your banking app to be aware of fraud attempts
  • Make sure you cover your PIN when at an ATM
15  .  Telecommunications fraud
Fraudsters on the phone is an old but growing trend in fraud involving non-cash payments. Fraudsters can pretend to be from financial institutions or banks when attempting to collect details from you.
How to protect yourself?
  • Never hand out financial information, including card details, over the phone
  • Always double-check that someone claiming to be a representative from your bank is a real person, and call them back on a publicly listed number
Europol's executive director Catherine De Bolle said: "Cyber-Crime cases are increasingly complex and sophisticated. 
 
"Law enforcement requires additional training, investigative and forensic resources in order to adequately deal with these challenges. 
"The policing opportunities arising from emerging technologies, such as big data analytics and machine learning, need to be seized. 
"Europol will continue its efforts to enhance co-operation with international law enforcement and government agencies, tech companies, academia and other relevant stakeholders. Only if we do this, can cyber-crime be combated effectively."
 
The European commissioner for the security union, Sir Julian King, concluded: "As the report shows, Europe is still faced with a range of security threats from terrorism and cyber.
 
"We will continue to take decisive action, with the support of Europol, to tackle these threats, through our proposals on terrorist content online, electronic evidence and on election security, and through our cyber security strategy."
 
Europol:       Sky
 
You Might Also Read: 
 
Cyber Criminals Are Outspending Business:
 
 
 
 
« Former MI5 Chief Wants Retaliatory Attacks On Russia
British Government Is Planning Internet Regulation »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Prosperon Networks

Prosperon Networks

Prosperon Networks support SMB to Enterprise networks through the provisioning of network monitoring software, customisation, consultancy and installation.

Critical Infrastructures for Information and Cybersecurity (ICIC)

Critical Infrastructures for Information and Cybersecurity (ICIC)

ICIC addresses the demand for cybersecurity for National Public Sector organizations and civil and private sector organizations in Argentina.

Maven Technologies

Maven Technologies

Maven Technologies specialize in secure data destruction, electronics recycling, asset management, and highly detailed reporting.

Cyber Talents

Cyber Talents

CyberTalents is on a mission to close the gap of cyber security professionals shortage across the globe.

RIA in a Box

RIA in a Box

MyRIACompliance combines our team of RIA compliance experts with an online software platform to help investment advisers better manage regulatory compliance and cybersecurity responsibilities.

NETRIO

NETRIO

If you are looking for a highly mature, exceptionally competent Managed Service Provider, NETRIO has solutions to keep your business running at warp speed with zero disruptions.

LOGbinder

LOGbinder

LOGbinder eliminates blind spots in security intelligence for endpoints and applications.

Business Resilience International Management (BRIM)

Business Resilience International Management (BRIM)

Business Resilience International Management (BRIM) is engaged by law enforcement in the UK and overseas to advise on establishing and developing Cyber Resilience Centres (CRCs) for business.

BlockAPT

BlockAPT

BlockAPT, empowering you with an advanced, intelligent cyber defence platform. We protect our customers digital assets by unifying operational technologies against advanced persistent threats.

Charles IT

Charles IT

Charles IT is your friendly, no-nonsense IT team focused on helping companies make their technology work for them. We focus on building relationships that deliver results.

LAVAAT

LAVAAT

At LAAVAT, our goal is to make it easy for our customers to build secure IoT devices without a need to invest considerably in embedded security and cryptography expertise.

Avetta

Avetta

Avetta One is the industry’s largest Supply Chain Risk Management (SCRM) platform. It enables clients to manage supply chain risks and suppliers to prove the value of their business.

Entech

Entech

Entech is a managed IT service provider. We work behind the scenes on your network to ensure data security and integrity.

Gomboc.ai

Gomboc.ai

Gomboc solve cloud infrastructure security policy deviations by providing tailored remediations to the IaC (Infrastructure as Code).

Roberts & Obradovic Law

Roberts & Obradovic Law

Roberts & Obradovic Law Group is a corporate, privacy, employment and litigation law firm.

Hopper Security

Hopper Security

The Future of Open-Source Risk Management Starts Here. We built Hopper to make sure you can harness the power of Open-Source safely and effectively.