With the release of the Serious and organised crime threat assessment (Socta) for 2017, the European Police Commission (Europol) has set out the policy framework for its focus over the next four years. Unsurprisingly, given the number of recent network attacks, one of the key issues highlighted in the document is cyber crim...
Unlike other, conventional, policing organisations, which are governed by national boundaries, Europol is cross-border partnership between all of the law enforcement agencies in the European Union (EU). Europol’s impact is, of course, far wider. This is what makes Socta such an important document, especially in terms of how it foresees the shifting landscape of organised crime in the coming years.
As Europol is an umbrella organisation for all of the law enforcement agencies in the EU, the findings of Socta provide the policy framework that Europol will enact as strategic objectives in the next four years.
The particular focus of Socta is on organised crime groups (OCGs). According to the United Nations Convention against Transnational Organised Crime, these are defined as “a group of three or more persons existing over a period of time acting in concert with the aim of committing crimes for financial or material benefit”.
This might seem a narrow view, but to put this into perspective, there are over 5,000 OCGs currently under investigation that are operating within the EU. This is nearly a 40% increase on the 3,600 OCGs that were known to be operating in 2013. This increase may be partly due to greater operational awareness by Europol.
The profits generated by some of the OCGs and individual criminals rival those of multinational corporations.
Socta notes that OCGs in the EU display “a high degree of adaptability and creativity in exploiting and employing new technologies. While not all criminal activities are driven by technological developments, the internet and ever-increasing connectivity have an impact on virtually all types of serious and organised crime.”
Read more about collaboration on fighting cyber crime
- Cyber crime will be defeated only through collaboration, according to UK police, the Global Cyber Alliance, Cyber Defence Alliance and Verizon.
- Cyber crime continues to increase in volume and sophistication, but European law enforcement is fighting back, using collaboration and industry partnerships to compensate for a lack of resources.
- Why collaboration is the only way to combat cyber threats.
Socta identified the following activities as specific priority crime threats:
- Cyber crime
- Drug production, trafficking and distribution
- Migrant smuggling
- Organised property crime
- Trafficking in human beings
Network attacks that result in unlawful access to, or disclosure of, private data (data breaches) or intellectual property are growing in frequency and scale, with hundreds of millions of records compromised globally each year.
“Internet penetration is increasing,” says Philipp Amann, head of strategy at Europol’s European Cybercrime Centre (EC3). “More and more devices are getting connected to the internet, which thereby increases the number of potential victims.”
Ransomware targeting public and private sectors
Since 2013, ransomware has become the leading malware, in terms of threat and impact. Following the trend of information stealers, ransomware campaigns are now increasingly targeting public and private sector organisations, and such threats are set to evolve and make up the majority of cyber-attacks in 2017.
The growing number of internet-connected devices as part of the expanding internet of things (IoT) will create new opportunities for cybercriminals.
Socta notes that some connected devices still remain vulnerable to intrusion and criminals are already deploying new techniques to compromise IoT devices in order to gain personal and financial information, as well as confidential data on business transactions.
Some member states of the EU have also highlighted the danger posed by insider threats within organisations. Any network that holds data that can be monetised becomes a viable target for such attacks.
It has often been observed that it is the human element that is the weakest link in a security network. Quite often individuals may be unaware that what they are doing is dangerous or criminal, as they are often manipulated into complying through social engineering.
“The ‘insider’ is often not malicious,” observes Colin Tankard, the managing director of Digital Pathways. “Rather the ‘insider’ is a user mistakenly sending data from the organisation, clicking on a link and allowing malware in, or internet sites being visited and Trojans being installed.”
Fraud on the increase
With an increasing number of financial transactions taking place electronically, through e-Commerce and online banking, it is unsurprising that fraud is on the increase.
One area of note is that due to the number of data leaks that have occurred over the years, millions of account details have been become available through marketplaces on the darknet. However, the supply of account details now outweighs the demand for them. In all likelihood, there are accounts, whose details have been leaked, but have not been used. Therefore, it is possible that companies may potentially have unsecure accounts still in their system, simply because their details have not been used.
“Organisations need to be more controlled about their websites and monitor how they are being used,” says Tankard. “These attacks can be controlled by using appropriate data protection systems, which would alert to any false sites, or automated processes in action on a website.”
Socta also notes that new payment methods could provide criminals with further opportunities to use compromised card data. Likewise, the growing e-commerce industry will result in a parallel growth of card-not-present fraud (such as through internet or telephone purchases), especially as protections against card fraud (such as when using ATMs) have become more effective.
As well as the specific crimes detailed above, Europol will be pursuing cross-cutting threats. Unlike conventional criminal activities, where the end result is financial or material gain, cross-cutting threats are criminal activities that enable and facilitate other types of criminal enterprise.
Socta highlighted the following as the priority cross-cutting threats:
- Criminal finances and money laundering
- Document fraud
- Online trade in illicit goods and services.
Activities such as money laundering allow OCGs to process the proceeds of crime into legitimate currency that can be used as normal. Criminal networks are continuously seeking to exploit the latest technological developments, such as crypto-currencies and similar anonymous payment methods, for the purpose of moving of large amounts of criminal funds.
Despite the risk, few companies actually control and protect their documents, making them vulnerable to fraud. “The legal sector is notorious for this, where documents are shared but not protected to enable verification or tracking of changes,” observes Tankard.
The need for encryption
To protect against document fraud, email protection should be included in any document management plans. There is an increasing amount of sensitive information now included in emails, resulting in the need for the use of encryption, encrypted document attachments and even digital signatures, to verify the owner and receiver.
Through targeting activities such as document fraud and money laundering, Europol plan to hamper criminal activities and reduce the ability of OCGs to develop their businesses.
As cyber crime is one of the key areas Europol will be focusing on, it is fair to say that Europol expect cybercrime to increase in frequency and severity.
Europol’s EC3 encourages companies to conduct security and privacy by design as part of their manufacturing process. “Those principals dictate you would not use a default password for instance but force users to change the password,” says Amann. “Give the possibility to update devices and have some automated process around that.” If, for whatever reason, the end device cannot be fully secured, EC3 recommends employing network inspection that will track threats across networks.
In addition to this, Europol advocates that companies should remain aware of their risk posture, especially when they are developing new products or entering a new market. “It is extremely important to remain aware of the risks, your exposure and the common threats in your sector,” says Amann.
“There are a lot of things companies can do to protect themselves and, in doing so, help security in general by making the network more secure.”
Europol to connect with industry partners
As in previous policy cycles, we can expect Europol to reach out to law enforcement agencies to coordinate operations against OCGs. In addition to this, Europol will be seeking to connect with industry partners and other stakeholder groups in order to encourage them to work together in combatting cyber crime.
While Socta indicates a heightened campaign against cyber crime, it can only be achieved through a concerted effort of all involved. “Reports from Europol, and even the UK’s new National Cyber Security Centre [NCSC], can lead many organisations and individuals into thinking they are ‘safe’. In practice, they are looking after critical national infrastructure areas,” says Tankard.
Only by companies collaborating with security agencies to establish rigorous standards of network security, can the UK tech industry meet the forthcoming challenges posed by OCGs. “Industry has realised it plays an important role in combating cyber crime by working alongside law enforcement,” says Amann.