Europol’s 2019 cybercrime report provides insights into emerging threats and key developments, highlighting the fact that cybercrime is continuing to mature and becoming increasingly bold, shifting its focus to larger, more profitable targets as well as new technologies. Data is a key element of cybercrime, both from a crime and research perspective.
Cross-cutting cybercrime phenomena
1. Data is at the centre of the crime scenes. Cybercriminals target data for their crimes, so data security and consumer awareness are paramount for organisations.
- Cybercrime is maturing and becoming increasingly bold, shifting its focus to larger, more lucrative targets.
Main trends outlined by the 2019 report on cybercrime
1. Ransomware remains the top cybercrime threat in 2019.
- DDoS attacks: the use of ransomware to deny an organisation access to its data is a significant threat.
- Data overload in fighting child sexual exploitation material: the amount of online material detected by the police and the private sector continues to increase. This increase puts considerable strain on the resources of investigators. One of the most worrying developments is the online sexual exploitation of minors. Deepfake technology is a technique that places images or video over another video.
- Self-generated explicit material is more and more common, driven by an increasing number of minors with access to high-quality smartphones.
- Smart cities: the most visible ransomware attacks in 2019 were those against local governments, specifically, in the United States.
- The police are increasingly responding to attacks on critical infrastructure.
- The Darkweb is becoming more fragmented. Some organised crime groups are also fragmenting their business through a range of online services and marketplaces, therefore presenting new challenges for investigators.
- Blockchain markets: as well as evading the police, criminal developers are also motivated by a need to increase the loyalty of their customer base, both in terms of anonymity and reducing the risk of scams.
- Business email compromise: data is once again the focus of discussions about business email compromise, which has been identified as a priority issue for both Member States and private industry. While this type of crime is not new, it is evolving rapidly. The scam exploits the way corporations do business, taking advantage of segregated company structures and internal gaps in payment verification processes.
- EU emergency response protocol: the coordinated response to large-scale cyber-attacks remains a key challenge to effective international cooperation in the cybersecurity ecosystem.