The document is an ENISA report on the state of cybersecurity in the European Union in 2024. Collaboration with the NIS Cooperation Group and the European Commission is highlighted, providing a data-driven overview of cybersecurity at the EU, national and societal levels.

Topics such as the cyber threat landscape, maturity of cybersecurity capabilities, cyber crisis management, supply chain security, and cybersecurity awareness and skills are addressed.

It also includes policy recommendations to improve cybersecurity in the EU, such as strengthening technical and financial support, revising the EU Incident Response Plan, and addressing the cybersecurity skills shortage.

The report includes several policy recommendations to improve cybersecurity in the European Union:

1. Strengthen technical and financial support: It is recommended that further technical and financial support be given to the competent authorities and entities within the scope of the NIS2 Directive to ensure a harmonised and coherent implementation of the EU cybersecurity policy framework.

2. Review the EU Incident Response Plan: It is suggested to review the Incident Response Plan for large-scale cyber incidents, taking into account the latest developments in EU cybersecurity policies, to promote the harmonisation and optimisation of cybersecurity and to strengthen national and EU capabilities.

3. Strengthen the EU’s cyber workforce: Implement the Cybersecurity Skills Academy, establish a common EU approach to cybersecurity training, identify future skills needs and develop a European certification scheme for cybersecurity skills.

4. Address supply chain security: Conduct coordinated risk assessments at the EU level and develop a horizontal policy framework for supply chain security, focusing on both public and private sector cybersecurity challenges.

5. Promote a unified approach: Build on existing policy initiatives and harmonise national efforts to achieve a high common level of cybersecurity and cyber hygiene awareness among professionals and citizens, regardless of their demographics.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Mass attacks, such as the New Year’s Day incident in New Orleans (USA), stir public emotion and have tragic consequences. While the investigations into this case will take some time, it is known that there are things that law enforcement and society can do to mitigate and perhaps stop mass casualty events.

This is the view of Richard H. Donohue and John S. Hollywood who published research on evidence of protection against attacks, as well as an article in Rand. For example, the car ramming in New Orleans that caused the death of 14 people created fear and uncertainty. While it is impossible to say whether these specific incidents could have been prevented, there are ways to make such attacks more difficult.

First of all, we know that layered security works. To complete a high death toll attack, a would-be terrorist must engage in violence, plan, acquire weapons and skills, complete preparations, arrive on scene, breach the site perimeter and internal security measures, and attack a crowd without being stopped quickly. A system-based, or layered, approach puts the odds in favour of law enforcement, since the attacker must be lucky many times to succeed, while defenders would only need to succeed once.

Therefore, security administrators must think systemically about how their sites look and how the layers of security will work collectively. Access and entry control systems, including working external and internal door locks, secured windows and secure entry spaces, such as monitored entry routes and secured vestibules, have helped protect against attackers. On-scene security, as well as aware and engaged bystanders, have also stopped many attacks. In particular, bystanders who take shooters down to the ground have been very effective in ending mass shootings. The «Run, Hide, Fight» or, alternatively, «Avoid, Deny, Defend» strategies have been effective.

Early detection is one of the most important layers of defence. In New Orleans, no specific leads were reported prior to the actual incident. Our research shows that when there is no initial lead, massive attacks are more likely to be completed. However, when there are direct threats, leads, a search or other criminal pursuits, attempts at such attacks are often thwarted, more than 80 percent of the time.

It is important for the public to know the key signs of a possible mass attack plot, especially when someone shows clear and serious intentions to attack and has taken concrete steps to do so. In addition, it is essential that people know where to report suspicious schemes. For policy makers and budget makers, it is crucial to provide training and support to threat assessment teams that follow up on tips. While it is too late to stop the Bourbon Street attack, the attacker released videos describing his initial detailed plans to kill his family, his joining the Islamic State terrorist network and a last will and testament. These are all examples of specific preparations that could have been reported to the authorities prior to the attack.

Other emerging technologies offer various avenues to stop or mitigate damage from attacks, whether they are used to detect and report clear warning signs of plots before they are launched or are integrated to trigger security measures at the first signs that an incident may be coming.

Ultimately, we know that mass attacks will continue. We also know that hardening a target can lead a potential attacker to look for weaknesses and opportunities in another location. However, we are confident that municipalities, law enforcement agencies and the private sector can come together to detect, deter and mitigate threats to the population from terrorism and other targeted violence acts.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Recidivism refers to the act of re-offending after release from prison, parole, or probation. It is a very important concept in criminal justice, as it serves as a key to evaluate the effectiveness of rehabilitation programs, sentencing policies and correctional institutions.

This was stated in a recently published report by the EUCPN – European Crime Prevention Network – on reducing recidivism.

The term encompasses various forms of re-entry into the criminal justice system, such as being arrested, repeatedly convicted or re-imprisoned for committing new offences or violating terms of supervision.

Recidivism rates are often expressed as percentages over a specified period, usually within two to three years of release. For example, if 50 out of every 100 persons released re-offend in a three-year period, the recidivism rate would be 50%.

In the European Union, this diversity in both the definition of recidivism and in the data and collection methods is the reason for the lack of comparable data on recidivism.

A 2020 systematic review of recidivism rates worldwide shows, for example, that Denmark uses reconviction rates at six months, one and two years, while Estonia and France measure recidivism up to five and six years after release.

The overall result is that EU countries, broadly speaking, have two-year recidivism rates of between 30% and 50%. If we add to these recidivism rates that many perpetrators re-offend not just once, but two or more times, we quickly conclude that most crimes are committed by a relatively small number of repeat offenders.

Research in Sweden, based on data relating to all violent offenders from 1973 to 2004 shows that 63% of all those convicted in this period committed a crime by perpetrators with three or more convictions, a group that constitutes 1% of the total population, and a quarter of all criminal violence.

Understanding and addressing recidivism is crucial not only for public safety, but also for reducing the social and economic costs associated with repeated incarceration.

Reducing recidivism rates helps ease the burden on overcrowded prisons and ensures a more effective use of taxpayer resources.

High recidivism rates are often cited as evidence of the current shortcomings of incarceration practices. Several studies have shown that prison sentences, in and of themselves, are not effective in reducing crime and preventing recidivism, or at least are no more effective than non-custodial alternatives. More importantly, critics argue that punitive approaches, such as (long) prison sentences, do not address underlying problems and may even aggravate criminal tendencies by isolating people and exposing them to criminogenic environments.

Prisonisation refers to the negative effect that prison sentences can have on prisoners’ mental health and behaviour, including criminality. The very conditions of prison life can have a negative impact on inmates’ mental health. It is also likely that inmates will lose their social support networks at the same time as there are new links with offenders likely to be forged. Post-release opportunities, especially employment opportunities, are reduced by the mere fact of incarceration.

However, not all recidivism can be explained as a consequence of prisonisation. Recidivism is influenced by a number of factors, both individual and systemic. At the individual level, factors such as substance abuse, lack of education, mental health problems and limited employment opportunities increase the likelihood of recidivism.

_____

Aquest apunt en català / Esta entrada en español / Post en français

A few days ago, the 2024 annual cybersecurity threat report was released by Recorded Future, of the Insikt Group. The report analyses the tactics, techniques and procedures of threat actors and their motivations as of 2024 with the aim of informing with data on cyber risk management and giving tools for threat detection.

It generally argues that the cybersecurity landscape in 2024 was shaped by the resilience of criminal networks and the increasing complexity of enterprise attack surfaces due to the growing use of SaaS products, which in numerous cases led to unauthorised access to corporate and institutional data due to the increase in stolen credentials.

It also states that actions to curb ransomware operations had limited impact as criminals adapted to them. In addition, the report exemplifies how several state-sponsored actors used generative AI for information operations and state of opinion creation, especially during elections in more than 70 countries, to facilitate geopolitical objectives.

Predictions for 2025 include developers using AI to achieve more secure codes, the possibility of fraud in the cryptocurrency world that could lead to market destabilisation, and new threats as a result of the implementation of Generative Artificial Intelligence.

Main conclusions

The growing adoption of SaaS (Software as a Service) amplifies the risk of identity exploits, with stolen credentials accessed by malware to steal information that causes significant damage. These data-stealing infections, often targeting personal devices, gained more credentials per infection than in previous years, increasing the risk to SaaS ecosystems.

Extortion groups proliferate despite police action. Law enforcement actions disrupted major criminal ransomware groups, but the criminals reorganised into smaller groups, demonstrating their operational resilience.

Manufacturing, healthcare and construction were the industries most targeted by ransomware groups,reflecting specific targeting patterns by strategic sectors.

Criminal groups associated with Iran, China and Russia targeted critical civilian infrastructure in disruptive cyberattacks, takinga further step in the hybrid conflicts that increasingly dominate the new contemporary wars.

Generative AI accelerates the spread of inauthentic content in a historic election year. Maliciously influenced state-sponsored operations increasingly rely on GenAI to produce and distribute misleading content to influence elections around the world.

Disruptive tactics and techniques make detection difficult. Criminal groups are increasingly using remote monitoring and management (RMM) tools to evade detection, driven by their operational efficiency. Tactics involving defence evasion showed the greatest increase, highlighting a trend toward strategies that do not involve writing code to disk.

Predictions for 2025

A major breach of AI spoofing in SaaS applications is expected, and new Chinese APT intrusions into U.S. critical infrastructure will be revealed. 

A high-impact cyber incident will likely involve macOS or mobile malware, and crypto fraud will result in a market-destabilising event.

Developers will adopt AI to transition to new code, and the U.S. will move towards harmonisation of cyber regulation.

_____

Aquest apunt en català / Esta entrada en español / Post en français

Younger people are more likely to report cybercrime than older people. As older people spend more time online, this may begin to change. If similarly exposed, risk factors such as social isolation or poor health could make older adults disproportionately susceptible. The survey was conducted to explore whether cybercrime risks and their predictors vary across age groups.

The survey analysed the responses of 35,069 participants over the age of 16 in the 2019/20 Crime Survey for England and Wales (CSEW). They investigated, among people who have used the internet in the past year, the risks of suffering any cybercrime, repeated victimisation and associated financial losses among all age groups.

Despite having a lower risk of reporting any cybercrime in the past year, people over the age of 75 were more likely to report financial losses as a result of cybercrime victimisation and repeated cybercrime victimisation than younger people.

Men, those belonging to mixed or black ethnic groups, the most disadvantaged areas, managerial professional groups and with poorer health were at higher risk of cybercrime.

While younger adults are at a higher risk of cybercrime, older adults reported more severe cases – repetitive victimisation and associated financial losses – perhaps because of being less aware of scams and reporting options.

Because most people experience deteriorating health as they age, a greater understanding of why poor health predicts cybercrime could inform prevention initiatives that would particularly benefit older age groups and mitigate the risks of increasing internet use among older adults. Health and social care professionals could be well positioned to support prevention.

Cybercrimes include hacking through technological methods and social engineering, in which a victim is tricked into revealing the information needed to access a device, network or program, such as a banking application or to transfer money electronically.

Social engineering is a broad term that includes cryptocurrency-related fraud, phishing, and dating, and occurs on platforms such as email and social media. It is inherently discriminatory, as attackers tailor their approach to the vulnerabilities of different victims.

The survey finds that males are more likely to suffer victimisation and recidivism than females. A plausible explanation is that men, who have been found to take more risks than women in general, may also engage in higher-risk behaviours or activities online, making them more vulnerable to wrongdoers.

Older adults may also be less able than younger adults to avoid repeated victimisation and financial loss, and may also be underestimating less severe victimisation that does not involve recidivism in crime or financial loss.

_____

Aquest apunt en català / Esta entrada en español / Post en français