Cyber threats and cybercrime: Emerging trends

Ransomware attacks are at the forefront of the landscape of current threats followed by a massive increase in phishing, malicious bots and exploits

ENISA is a specialised knowledge agency for cybernetic security in Europe that came to being in 2004 with the aim of advising the private sector and member countries on prevention, detection and responding to information security problems by raising awareness about networks.

At the beginning of the year, ENISA published the report on the state of cybernetic threats 2017, its sixth publication in this field. This comes with new changes like the creation of the ETL website; the first event in the field of cybernetic threat intelligence; and the development of the first version of the ‘CTI maturity model’ to identify deficiencies in the current tools for sharing information about threats which still prevail in 2018.

The report states that the current trends are characterised by the complexity and sophistication of cybernetic attacks, the greater anonymity of the attackers, the transformation of malicious infrastructures with multi-purpose functions, the monetising of cybernetic crime as the main factors underlying threatening agents, and the dynamic entrance of cybernetic war in cyberspace.

Ransomware attacks have been at the centre of current threats. This last year roughly 4 million samples of ransomware were detected every day. Moreover, surfers known as Firefox and Chrome are reinforcing their security due to the appearance of 22 million new examples of malware in the first term if 2017. Mac, Linux and Windows are also the objective of ransomware. The latter experienced an increase of 20% in 2017 reaching levels such as 75% of attacks of this nature in July. Most financial malware continues to depend on website-based attacks as they try to detect surfers’ weaknesses.

The ‘WanaCry’ outbreak that took place on 12 may 2017 is an example of how ransomware and denial-of-service attacks (DoS) can be combined. There has been an increase in extortion attempts with DoS attacks where the price of the ransom ranging between entre 5 and 200 bitcoins. Furthermore, they have increased even more since the increase in the value of this virtual currency in June 2017. The sector under most attack has been the gambling sector with 80% of attacks. In the first term of 2017, there was a rise of 69.2% in the use of malicious software and some tools took advantage of phishing in electronic mails to transform devices into bots.

Phishing has increased in volume and sophistication. It is widely used as a first step of a cybernetic attack and uses social engineering to obtain confidential information by using fraudulent means.  According to recent research “an average of 1.385 million phishing websites are created every month”. The Spear-phishing modality is of particular note, via electronic mail against specific persons or companies to obtain money or cybernetic espionage, used in 40%.

Exploit kits are able to identify the surfer’s exploited vulnerabilities or on the website application and exploit them automatically. They have the habit or orientating surfing complements like Java and Adobe Flash. At present, it is the only threat mentioned in the 2017 report that has had a decrease in attacks.

The report concludes that because of new attack practices, new technology will have to develop new controls and key performance indicators (KPI) to minimise the risk to organisms where cybernetic threat intelligence is concerned. Similarly, it points out the importance of the development of technical and legal policies related to this changing phenomenon of cybernetic threats and crime.


Aquest apunt en català / Esta entrada en español / Post en français

Internet of Things: when electrical appliances become the object of cyber attacks

With a minimum on 20 thousand million devices predicted to be connected to Internet by 2020, Internet of Things is here to stay. Although it has many undeniably positive effects, the related risks and threats are multiple and are evolving very quickly.

For this reason, ENISA (European Union Agency for Network and Information Security) and Europol have joined forces to address these security challenges along with members of the private sector, police and security sector, the Community Emergency Response Team (CSIRT), the general public and academia.

Internet of Things is a broad and diverse ecosystem in which devices and interconnected services gather, exchange and process data to dynamically adapt to a context. This means that our cameras, televisions, washers and heating systems are “intelligent” and create new opportunities for our way of working, interacting and communicating, and as devices react and adapt to us.

It is important to understand the need to secure these connected devices and develop and implement appropriate security measures to protect the Internet of Things from cybernetic threats. Apart from technical measures, the adoption of Internet of Things has created many legal and legislative challenges, which are new and have far-reaching and complex effects. To address such challenges, cooperation between different sectors and between different actors is essential.

The work of Europol, along with the determination of all pertinent international actors to ensure the numerous benefits of the Internet of Things can be fully appreciated, together address the security challenges and the fight against the illegal use of these devices, making cyberspace a safer place for all:

  • The need for more cooperation and the participation of multiple interest groups to deal with inoperability, as well as security problems, especially with the emerging development of the 4.0 industry, autonomous vehicles and the arrival of 5G.
  • How to ensure that the final device can become technically difficult and expensive to acquire, the focus must therefore be to secure the architecture and the underlying infrastructure, creating trust and security in different networks and domains.
  • There is the need to create stronger incentives to address security problems related to the Internet of Things. This means achieving an optimal balance between opportunity and risk in a market in which scalability and time to market prevail, placing security as a differentiating commercial advantage.
  • To efficiently and effectively investigate the criminal abuse of the Internet of Things, deterrence is another dimension which requires close cooperation between the application of the law, the CSIRT community, the security community and judicial authority.
  • This creates an urgent need for the application of the law to develop the necessary technical skills and experience to successfully combat the fight against cybercrime related to the Internet of Things.
  • These efforts must be complimented by increasing awareness of end-users of the security risks of devices.
  • Taking advantage of initiatives and existing frameworks, a multidisciplinary focus is required to combine and complement actions at a legislative, regulating and political level, and the technical level to secure the ecosystem of the Internet of Things.


Aquest apunt en català / Esta entrada en español / Post en français




2017, the year when cybercrime accelerated

From the end of 2016 and much of 2017, a series of worldwide cybernetic crimes took places which were unprecedented because of their impact and extension. They are the cause of much public concern even though they only represent a small sample of the wide range of cybernetic threat which presently exists.

Internet Organised Crime Threat Assessment (IOCTA) of Europol, identifies the main cybercriminal threats and provides key recommendations to address such challenges.

Assessment of the threat of organised crime via Internet in 2017 presents an in-depth study of key events, changes and emerging threats related to cybercrime last year. It is based on the contributions of member states of the EU, of Europol expert personnel and members from private industry, the financial and academic sectors. The report emphasises the most important events in different areas of cybercrime:

  • Ransomware(malicious software programming)has overshadowed most other cyber-threats with global campaigns which indiscriminately affect victims in multiple industrial and private sectors.
  • The first serious botnet attacks (malicious programmes) took place using internetworking of infected physical devices (IoT).
  • Filtering of data continues to lead to the spreading of large amounts of information, with over 2,000 million recorded relating to citizens of the EU which came to light during the twelve-month period.
  • The dark web continues to be a key transversal facilitator for different fields of crime. It provides access, among other things, to drugs and other psychoactive substances; the provision of firearms which have been used in terrorist attacks; payment details to be able to commit different types of fraud; and fake documents to facilitate fraud, people trafficking and illegal immigration.
  • Criminals continue to use the dark web and other related platforms to share and distribute material involving sexual abuse of children and participate with potential victims, often trying to coerce or sexually extort vulnerable minors.
  • Payment fraud affects almost all industries, which has a major impact on the retail, aeronautic and accommodation sectors.
  • Direct attacks on banking networks to manipulate credit card balances, take control of cash dispensers or directly transfer funds, known as commitments of the payment process, constitute one of the greatest emerging threats in this area.

In spite of the growing threats and challenges, there were some important successful operations last year, like the dismantling of two of the big markets of Darknet, AlphaBay and Hansa, the neutralising of the Avalanche network and Airlineactiondays.

The IOCTA wishes to formulate recommendations for the application of the law and plan in consequence by responding effectively and consensually to cybernetic crime.

  • The application of the law must continue to focus on actors who develop and provide the tools and cybercriminal attack services responsible for ransomware, banking trojans and other malicious programmes and suppliers of DDOS attack tools, antiretroviral services and botnets.
  • The international community must continue to foment trusting relationships with public and private members, CERT communities, etc, so that it is prepared to provide a rapid and coordinated response if there is a global cybernetic attack.
  • The member states of the EU should continue to give support to and deepen its commitment to Europol in the development of pan European campaigns of prevention and awareness-raising.
  • While investigating online child sex abuse, the member states of the EU must guarantee sufficient resources for the fight against crime.
  • The growing threat posed by cybernetic crime requires a legislative commitment which allows for the presence and application of the law to an online environment. The lack of such legislation is leading to a loss of investigative leadership.

All the details are available on 2017 Internet OrganisedCrimeThreatAssessment (IOCTA): IOCTA 2017 website  | IOCTA 2017 PDF version

The IOCTA was presented during the annual session of the CibercrimEuropol-INTERPOL conference, held in The Hague on 27-29 September 2017.

You can consult entries on the previous IOCTA blog at:

IOCTA 2015

IOCTA 2016


Aquest apunt en català / Esta entrada en español / Post en français


The controversy concerning the internment facility for foreigners continues

The controversy regarding the appropriateness of internment facilities for foreigners (CIEs in Spanish) was front-page news last April when the Minister of the Interior, Juan Ignacio Zoido, announced the opening of three new centres in the full senate in Madrid, Algeciras and Malaga.

If Barcelona Council had already requested the closure of the Barcelona CIE  in recent years, the Penal System Observatory  regarding immigration, the Andalusia Criminology Institute of Malaga and the city’s university have published a report calling for the closure of the eight internment facilities present in Spain and for those announced by the Minister not to be opened.[1]

This controversy only serves to spark even more debate within the European Union: management of migration flows (and of refugees) with respect for the democratic principles of the member states and the Union itself. One of the mechanisms foreseen to administer foreigners with no residence permit while their expulsion order is being processed has been the creation of internment facilities, which, without being prisons in the formal sense, allow for the confinement, without freedom of movement, of those persons in an irregular situation in the national territory of a member state until the administrative (or penal) procedure is finalised and expulsion, or, otherwise, authorisation to continue to reside in the country is decided.

The European Union had tried to implement the necessary measures to contain immigration with the directive relative to norms and procedures common to the member states concerning the return of nationals of third countries in an irregular situation,[2] which shared a new amendment to immigration law in Spain years later with a regulation of the functioning of the CIEs.[3] In any case, these regulations have not enjoyed a broad consensus, mainly in countries in the south of Europe, which are under heavy pressure due to migration flows coming from Africa and are left to their fate by members in the north of Europe. The deficient conditions of these centres, and the restrictions on rights which they imply (the directive allows for deprivation of liberty for as many as 180 days; according to Spanish regulations, as many as 60 days), have caused repeated protests both from associations defending human rights and professionals who work with those affected and from some political groups.

The report presented in Malaga at the beginning of July which calls for the closure of all the CIEs points to the fact that, among other criticisms, in 2016 only 29% of the inmates of the centres were expelled, meaning that 71% were freed, a fact which, as far as those signing the report are concerned, means that these facilities are used as a second prison without a just cause (often merely due to residence irregularities). With time this situation has become alarmingly more serious, as in 2013 52.5% of the inmates were finally expelled; in 2014 the figure went down to 47.5%, and then down to 41.4% in 2015, and twelve points less last year. This means that if the purpose of the centres is to facilitate the expelling of foreigners, its effectiveness (considering that the number of inmates has increased) is plummeting.


[2] Vid.

[3] Vid.


Aquest apunt en català / Esta entrada en español / Post en français