Serious and organised crime in the European Union

Europol has recently published a threat assessment of serious and organised crime in the European Union (EU), the SOCTA 2021. Published every four years, the SOCTA presents a detailed analysis of the threat of serious and organised crime facing the EU.

The SOCTA 2021 details the operations of criminal networks in the EU and how their criminal activities and commercial practices threaten to infiltrate and undermine our societies, economies and institutions, slowly weakening the rule of law. The report provides unprecedented information on Europe’s criminal underworld based on the analysis of thousands of cases and information supplied to Europol.

The key findings to come out of the SOCTA 2021 include:

Serious and organised crime has never posed such an extreme threat to the EU and its citizens as it does today.

The COVID-19 pandemic, and the economic and social consequences expected to follow, threaten to create the ideal conditions for organised crime to spread throughout the EU and beyond. A key characteristic of criminal networks, once more confirmed by the pandemic, is their agility in adapting to and capitalising on changes in the environment in which they operate.

Similar to a business environment, the core of a criminal network is composed of managerial layers and field operators. This core is surrounded by a range of actors linked to the crime infrastructure providing support services.

With close to 40% of criminal networks involved in the manufacture and trafficking of drugs, it remains the most significant criminal activity in the EU.

The traffic and exploitation of human beings, smuggling of immigrants, online and offline fraud and property crimes pose significant threats to EU citizens.

Criminals use corruption. Almost 60% of the criminal groups reported on engage in corruption.

Criminals earn and launder billions of euros every year. The scale and complexity of money laundering activities in the EU have previously been underestimated. Professional money launderers have established a parallel underground financial system and use any means to infiltrate and undermine European economies and societies.

Legal business structures are used to facilitate virtually all types of criminal activity with an impact on the EU. More than 80% of the criminal networks active in the EU use legal business structures for their illegal activities.

The use of violence by criminals involved in serious and organised crime in the EU appears to have been increasing in terms of the frequency of use and its severity. The threat from violent incidents has been augmented by the frequent use of firearms or explosives in public.

Criminals are digitally proficient. Virtually all criminal activities now feature some online component, and many crimes have migrated completely online. Criminals exploit encrypted communications to network with each other and use social media and instant messaging services to reach a larger audience to advertise illegal goods or spread disinformation.

_____


Ransomware poses the most significant cybersecurity threat

According to those responsible for protecting organisations from hackers and cyber attacks, ransomware is the most significant cybersecurity threat faced by companies today.

A survey of information security professionals conducted by cybersecurity firm Proofpoint concludes that ransomware is expected to pose the main cybersecurity threat to their organisations over the next year. Almost half (46%) of the respondents shared this opinion, citing ransomware together with other forms of external extortion by strangers.

Ransomware remains one of the most damaging types of cyberattacks. At the same time, for cybercriminals, encrypting networks and demanding bitcoins in exchange for the decryption key is the easiest and quickest way to make a substantial amount of money from a hijacked network.

A significant percentage of organisations will pay the ransom (which can amount to millions of dollars) because they see it as the fastest way to restore the network with the least additional inconvenience to the business. And it’s because these ransoms are often paid that ransomware continues to be such an attractive and lucrative option for cybercriminals.

Other cyberattacks also considered among the most problematic threats this year include phishing and business email compromise attacks.

While not as visible as ransomware attacks, all of these cyber-threats can cause problems for organisations, especially if hackers can combine attacks like phishing with attacks that compromise cloud-account login credentials to gain access to networks.

These types of attacks are often used in the early stages of efforts to compromise networks with ransomware, so protecting the network against a particular form of cyberattack can also help protect it from others.

Fortunately, improving security in one way or another seems to be a priority for the vast majority of organisations, if not all. However, cybercriminals will also endeavour to adapt and evolve. This is why organisations must allow no room for complacency when it comes to cybersecurity and must have a solid understanding of their own networks.

_____


What’s behind the worst prison massacre in Ecuador’s history?

The numbers are staggering, and the images of the violence that erupted inside several of Ecuador’s prisons in late February, even more so.

At least 79 inmates died in clashes between rioting rival gangs in prisons in Cuenca, Guayaquil and Latacunga. Even more disturbing is the extreme cruelty and violence of their members, which was exposed by the images of beheaded and dismembered bodies circulated on social media.

The South-American country is no stranger to prison violence. Ecuadorian President Lenin Moreno has had to order a state of emergency in the country’s prisons twice in the past two years. But what happened to bring about the worst prison massacre in the country’s history?

Firstly, an increase in drug trafficking. More than a third of the drugs produced in Colombia transit through Ecuador on their way to Europe and the United States. Ecuadorian gangs are not just arguing for the sake of it; in recent years, Ecuador has become the cocaine highway to the U.S. and Europe. This can be attributed to a shift in the strategy of Colombian drug traffickers, which means that more than a third of the growing cocaine production in Colombia currently reaches Ecuador.

Secondly, austerity. The increase in drug trafficking has translated to an increase in Ecuador’s prison population, which has not been matched by an improvement in monitoring and surveillance capabilities. In addition, as part of the austerity plans agreed with the International Monetary Fund, these sectors have also been affected by cuts, which at the time led to a wave of protests.

The government has had to turn to the army to deal with the violence in prisons. One of the consequences of the shortage of resources is a 70% deficit in the personnel needed to oversee prison security. With numbers like that, prison wardens have to be responsible for an average of almost 27 inmates, while the international standard recommends a ratio of one warden for every nine prisoners. This may help to explain the relative impunity with which drug traffickers operate inside prisons and the abundance of weapons inside penitentiary centres.

Lastly, overcrowding, which continues to hinder the proper management of Ecuadorian prisons. According to the Human Rights Council (HRC), Ecuador’s prison capacity is 28,500 people. But in May 2019, when the state declared the first state of emergency, there were 41,836 inmates in its prisons: an overpopulation of 42%.

As Insight Crime explains, overcrowding in prisons is a regional phenomenon that leads to human rights problems and a lack of control over prison systems. Being forced to intern the members of rival gangs in the same centres has also contributed to the bloody clashes in prisons.

_____


Emotet, the most dangerous malware in the world, has been neutralised

Law enforcement and judicial authorities have succeeded in disrupting one of the most significant botnets of the past decade: Emotet. Investigators have now taken control of its infrastructure in a coordinated international action.

Emotet was one of the most professional and long-lasting cybercrime services out there. First discovered as a banking Trojan in 2014, the malware evolved into a go-to solution for cybercriminals over the years. The Emotet infrastructure essentially acted as a primary door opener for computer systems on a global scale. Once this unauthorised access was established, it was sold to other top-level criminal groups who used it to deploy further illicit activities such as data theft and extortion.

The Emotet group managed to take email as an attack vector to the next level. Through a fully automated process, Emotet malware was delivered to victims’ computers via infected email attachments. A variety of different lures were used to trick users into opening these malicious attachments. In the past, Emotet email campaigns have also been presented as invoices, shipping notices and information about COVID-19.

All these emails contained malicious Word documents, either attached to the email itself or downloadable by clicking on a link within the email. Once a user opened one of these documents, they could be prompted to “enable macros” so that the malicious code hidden in the Word file could run and install Emotet malware on a victim’s computer.

Many botnets like Emotet are polymorphic. This means the malware changes its code each time it is used. Since many antivirus programmes scan the computer for known malware code, a code change can make the malware harder to detect, allowing the infection to go unnoticed at first.

Thus, Emotet was much more than just simple malware. What made it so dangerous is that it was rented out to other cybercriminals who used it to install different types of malware, such as banking Trojans or ransomware, on a victim’s computer.

This type of attack is called a ‘loader’ operation, and given that other malware operators like TrickBot and Ryuk were able to benefit from it, Emotet was considered one of the most prominent players in the cybercrime world.

The infrastructure used by Emotet involved several hundreds of servers located all over the world. Each one had different functionalities designed to manage victims’ infected computers, spread the malware to new ones, serve other criminal groups, and, ultimately, make the network more resilient to takedown attempts.

To severely disrupt the Emotet infrastructure, law enforcement agencies teamed up to create an effective operational strategy. Eventually, law enforcement and judicial authorities gained control of the infrastructure and took it down from the inside. Victims’ infected machines were redirected towards this law enforcement-controlled infrastructure. This is a unique and new approach to effectively disrupting the activities of cybercriminals.

The operation was the result of a collaborative effort between authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine, with international activity coordinated by Europol and Eurojust. It was carried out within the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).

_____


Cyber-attacks on the healthcare sector increase by 45%

Cyber-attacks on global healthcare organisations increased at more than double the rate of those targeting other sectors in the last two months of 2020.

The latest data from security vendors covers the period from the beginning of November to the end of 2020, and compares it with the previous two months (September-October).

It revealed a 45% increase in attacks on the healthcare sector, versus less than half this figure (22%) for all other sectors. November was particularly bad, with the healthcare sector suffering 626 weekly attacks on average per organisation, compared with 430 in the previous two months.

Although the attacks span a variety of categories — including ransomware, botnets, remote code execution and DDoS — perhaps unsurprisingly, it is ransomware that displayed the largest increase overall and poses the biggest threat.

In fact, financially motivated cybercriminals have been going after the healthcare sector since the start of the COVID-19 crisis, well aware that hospitals and clinics are distracted with the huge surge in cases coming through their doors.

In April, Microsoft revealed how these groups are increasingly using more tactics to gain a foothold in networks, perform lateral movements and credential theft, and exfiltrate data before deploying their ransomware payload.

Central Europe experienced the biggest rise in cyber-attacks on its healthcare sector during the period (145%), followed by East Asia (137%) and Latin America (112%).

Europe recorded a 67% increase, although Spain saw attacks double and Germany recorded a 220% surge. Although North America (37%) saw the smallest rise regionally, Canada experienced the biggest increase of any country, at 250%.

Last year, a number of hospital networks across the globe were successfully hit with ransomware attacks, making cybercriminals hungry for more.

Furthermore, the usage of Ryuk ransomware emphasises the trend of having more targeted and tailored ransomware attacks rather than using a massive spam campaign. This allows the attackers to make sure they hit the most critical parts of the organisation and have a higher chance of getting their ransom paid.

Virtual patching, employee education and being on guard at weekends, when attackers often strike, are crucial tools in the fight against cybercriminals.

_____


2020 cybercrime report

Europol published its Internet Organised Crime Threat Assessment (IOCTA) last October. The IOCTA seeks to inform decision makers on a strategic, tactical and operational level about the threats posed by cybercrime. The 2020 IOCTA helps to set the priorities for the 2021 operational action plans, which follow the three priorities defined below:

1) To interrupt criminal activities related to computer system attacks.

2) To fight against the sexual abuse and sexual exploitation of children, including the production and transfer of material.

3) To target criminals involved in fraud and counterfeiting of non-cash payment methods, including large-scale payment card fraud (especially non-card fraud), emerging threats for other non-cash payment methods and the possibility of activities.

In addition, the IOCTA seeks to consolidate findings on current cyberthreats, which could contribute to the discussion on research and development priorities as well as planning on an EU level.

The outbreak of the COVID-19 pandemic has demonstrated the unfortunate potential of this crisis on our daily lives around the world. As physical boundaries became the norm, cybercrime has become more prominent than ever before. In any case, the COVID-19 pandemic demonstrated how cybercrime remains the same. However, cybercriminals are adapting the specific characteristics of their approach to the social context with a view to improving their success rate. The difference with COVID-19 is that, owing to the physical restrictions implemented in order to prevent the spread of the virus, which led to an increase in people working from home and accessing business resources remotely, many people and companies, who did not previously hold such an online presence, are now a lucrative target.

Traditional cybercrimes, such as phishing and cyber-skill scams, quickly exploited social vulnerabilities, with many citizens and businesses seeking information, answers and sources of help during this time. The spread of misinformation increases the chance of cybercrime occurring. The pandemic also gave rise to misinformation campaigns and activities.

Social engineering remains a major threat in the facilitation of other kinds of cybercrimes. The use of encrypted chat applications and industry proposals to expand this market entails a substantial risk of abuse, and makes it difficult for law enforcement agencies to detect and investigate criminal activity online.

Online communities of cybercriminals present considerable resistance and are continually evolving. Finally, live streaming of child sexual abuse continues to increase, and has become even more frequent during the COVID-19 pandemic.

_____


How COVID-19 is affecting crime

Last month, Europol published a report on how COVID-19 has been affecting crime and terrorism in the EU.

While the pandemic is first and foremost a global public health crisis, it has also proven to have a significant and potentially long-lasting impact on the organised crime and terrorism landscape in Europe, as well as the ability of Member State law enforcement authorities to counter security threats.

While Europe is in the grip of a second wave of the pandemic, the impact of COVID-19 on crime has changed over time. Although some types of crime are here to stay, others come and go with the evolution of the pandemic and its measures. Greater awareness has, however, reduced the impact of some types of crime.

Europol’s report highlights some of the criminal activities to have gained prominence, such as the distribution of counterfeit personal protective equipment, and fake pharmaceutical and sanitary products. An increase in robberies of medical facilities and pharmacies has also been reported.

The area of child sexual abuse has remained a grave concern during the pandemic; with children spending more time online, the risk is potentially increased.

While the number of domestic robberies and common thefts has generally declined in the immediate aftermath of the introduced COVID-19 control measures, these crimes have been on the rise since the easing of the lockdown restrictions. There has been a notable rise in the number of reported robberies of unoccupied commercial premises, ATM attacks, copper theft and light construction vehicle theft.

Criminals have also used various types of schemes involving deception, such as the impersonation of representatives from public authorities or medical staff to gain access to private homes and businesses and steal from them.

Pandemic-themed campaigns have appeared across a wide range of cybercrime activities, including phishing campaigns, ransomware, malware and business email compromise attacks. Healthcare and health-related organisations have also been targeted and fallen victim to ransomware attacks.

The impact of the crisis on the EU drug market appears to have been limited. Some criminals had adapted their modus operandi for the distribution of drugs in order to circumvent barriers. An increase in violence and tensions between drug users has also been identified.

The impact of the pandemic on terrorism and violent extremism has been limited and primarily involved some extremists adapting narratives and propaganda materials to the COVID-19 topic.

_____


Has the Government of El Salvador entered into agreements with the “maras”?

A few days ago, the Salvadoran newspaper El Faro reported that the country’s steep decline in homicides, hailed as the Government’s main achievement during Nayib Bukele’s little over a year-long leadership, was being called into question by a press investigation which claims the success can be attributed to a pact with the ‘mara’ Salvatrucha gang (MS13).

The newspaper published a report, citing official documents and statements from one of the gang’s leaders, which suggest the Government has been in negotiations with MS13 since June 2020, and that the pact would include electoral favours during the 2021 elections.

El Faro’s investigation indicates that negotiations between the Government and the “maras” include the groups’ commitment to back the current officialdom in the election next February. In return, the government has allegedly promised to repeal laws and weaken the maximum security regime in prisons if Bukele’s Nuevas Ideas party gains control of the Legislative Assembly and wins the right to choose the 84 MPs and 262 local governments.

Meanwhile, according to police data, between January the 1st and September the 2nd this year, there were 829 homicides in the country. This figure represents a reduction of approximately 56% on the 1,871 violent deaths recorded during the same period in 2019.

If this trend continues, El Salvador will close 2020 with around 1,200 homicides, representing a murder rate of 18 per 100,000 inhabitants, its lowest figure since 1994.

The “maras” have been declared a terrorist group by El Salvador’s Supreme Court. Therefore, as the evidence supporting the Government’s alleged dialogue with the group mounts and the voices denouncing these links gain credibility, the US State Department and the North-American Congress are becoming increasingly concerned.

Despite the investigative reports, El Salvador’s president, Nayib Bukele, denied his government had made a pact with the “mara” Salvatrucha (MS13) gang to reduce the number of assassinations in exchange for more beneficial custodial terms. Bukele pointed out that the same people who had previously accused the Government of violating the terrorists’ human rights were now accusing it of granting them privileges.

The president recalled the events of last April when the “maras” increased the daily average number of murders for several days. In response, the Salvadoran Government ordered the prisons to confine the “maras” to their cells 24 hours a day, fix metal plates to the bars of their cell doors to prevent them communicating with signals, and ensure gang members were mixed in their cells, regardless of whether they belonged to rival gangs.

However, according to the El Faro newspaper, the decision to mix different gang members in the same prison cell was later repealed following talks between government officials and the heads of the criminal organisations; an accusation denied by the Government.

_____


More cyberattacks in the first six months of 2020 than in the whole of 2019

The profound changes brought about by the COVID-19 pandemic in relation to the growth of remote working, and increasing incidences of ransomware activity have been the two main drivers behind the increase in cyberattacks.

A report by the company CrowdStrike on the recent online threat level affecting its clients revealed more intrusion attempts during the first six months of this year than during the whole of 2019.

The cybersecurity service provider’s threat investigation team blocked some 41,000 possible intrusions between the 1st of January and the 30th of June this year, compared to 35,000 for the whole of last year. Incidents of intrusions involving malicious activity by a cybercriminal during the first six months of 2020 were 154% higher than the number of similar threats identified by CrowdStrike investigators in 2019.

Predictably, one of the major factors responsible for the increased threat activity was the rapid shift to remote work in response to the COVID-19 pandemic. This change significantly expanded the potential attack surface in many organisations, space which the cybercriminals were quick to exploit.

Another contributing factor was the growing availability of ransomware as a service (RaaS) and the consequent increase in the number of users able to carry out network attacks. There was a particularly marked increase in ransomware attacks which also involved the theft of sensitive data and subsequent attempts to extort victims by threatening to make it public.

Despite all the attention that cyber threat and espionage groups have recently garnered, the vast majority of the actual attacks blocked by CrowdStrike during the first six months of this year were financially motivated. In fact, 82% of the attacks detected by the investigators fell into the category of e-crime, compared to 69% in 2019.

As has been the case for some time, organisations in the financial, technology and telecommunications sectors were more active and better protected than organisations in most other sectors. Furthermore, CrowdStrike observed a dramatic increase in intrusion activity involving manufacturing companies.

Indeed, manufacturing was, during the first half of 2020, the second most frequently targeted industry after the technology sector. According to the company, the critical nature of most manufacturing operations and the valuable intellectual property and other data held by manufacturing companies in the sector make it an attractive target for both financially motivated attackers and other cybercriminals.

Other sectors that were increasingly targeted by cybercriminals included healthcare, the food and beverage industry, and academic institutions.

_____


INTERPOL warns of the rising threat posed by cybercrime

Incidences of cybercrime are increasing at an alarming rate as a consequence of the COVID-19 pandemic, and a new report from INTERPOL predicts they will accelerate further.

The report explains how cybercriminals have been exploiting our growing and necessary reliance on digital technology during recent months. This includes a sudden shift to teleworking by many organisations, which has involved the deployment of often unsecured remote systems and networks.

Based on the information provided by its member countries, INTERPOL has concluded that during the pandemic there has been a particularly significant increase in malicious domains (22%), malware and ransomware (36%) and phishing scams (59%).

Threat actors have revised their usual online scams and phishing schemes to commit crimes that feed on people’s financial and health fears during the COVID-19 crisis.

The report has also revealed a significant target shift from individuals and small businesses to major corporations, governments and critical infrastructure which offer more substantial financial gains.

INTERPOL believes that cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19. The increased online dependency for people around the world is also creating new opportunities, with many businesses and individuals not ensuring their cyber defences are up to date.

The report concludes that a further increase in cybercrime is highly likely in the near future. This is primarily due to vulnerabilities related to working from home and a continued focus on coronavirus-themed online scams. When a COVID-19 vaccination becomes available, it is highly probable that there will be another spike in phishing related to these medical products.

According to the INTERPOL report, therefore, the COVID-19 pandemic is providing a wealth of opportunities for cybercriminals. In fact, many organisations could be at a greater risk of cyber attacks after turning to remote access solutions such as VPNs.

These remote access points may not be correctly configured or sufficiently secure because the remote computers may not have the latest technology installed. Furthermore, personnel may have had to use their own personal devices to work from home, which presents challenges from a security standpoint.

_____
