Europol has published a report to assess the threat posed by organised crime on the Internet (2015 Internet Organised Crime Threat Assessment –IOCTA, in English).
The first conclusion of the report is that Cybercrime is still on the rise. The “criminal service” format (production and sale of cybernetic products which lead to crime-related activity) enables delinquents with little technical training to carry out attacks with disproportionate effects considering the extent of their skills. Great profits can be made without taking risks. This ease of access to cybernetic weapons has meant a change in the profile of the delinquents involved as they cause more and more damage.
Improvements in legislation aimed at effectively pursuing these criminals continue to be a necessity. However, it is noted that it would be more effective to create collaborative networks to encourage the private sector to prevent and combat this type of crime.
The use of malware (harmful programmes) is the most important threat to the general public. Attacks with ransomware (programmes which infect devices), which block all or part of the information contained in a computer, tablet computer or mobile, which are often encrypted, in order to blackmail the owner, were identified as the most important threat, as is the case of Trojan horses or Trojans used in the field of banking and remote access tools. The Trojans used to date (Zeus, Citadel and Spyeye) are being substituted by a new generation (Dyre and Dridex).
The numerous cases of wrongful entry, theft and, on occasions, publication of sensitive data to companies and institutions are confirmation that data bases are still an attractive target for cybercriminals. They often use the information acquired to commit fraud and blackmail. What is known as “social engineering”, which involves seeking out human vulnerability beyond the computer system in order to impersonate and deceive directors and company chiefs (often financial) on the network, in order to obtain funds which are then diverted, is prevailing as a more common and effective method within this sphere. Barely any technical knowledge is required but important losses are suffered by the companies affected.
Despite constant technological innovation, cyberattacks continue to use effective tools and methods (malware and social engineering), which tend to be redesigned and reconfigured in order to pose new threats. The main component underlying cybercrime is still a lack of digital hygiene and awareness of network-related risks. This is the only way to explain the durability of the criminal kits available on the market, which, although they are known of, continue to greatly benefit the criminals who use them.