From encrypting communications to fencing ill-gotten gains on underground sites, organized crime is cashing in on the digital revolution.
The latest organized crime threat assessment from Europol issues a dire warning about the corrosive effect the rising influence of criminal syndicates is having on both the economy and society of the European Union. And it’s all happening online.
“The online environment and online trade provide criminals access to expertise and sophisticated tools enabling criminal activities,” The Europol Threat Assessment said. “Virtually all criminal activities now feature some online components, such as digital solutions facilitating criminal communications.
Digital marketplaces for illicit goods and services, ranging from drugs to trafficked humans, have helped organized crime access new potential victims, the report explained.
Several steps involved in the trafficking of human beings, including recruitment of victims and advertisement of services, “have moved almost entirely to the online domain,” the report said.
“The surface web and the dark web are exploited by criminals who offer all types of illicit commodities and most illegal services online,” Europol said. “The availability and accessibility of secure online channels has resulted in a diversification of the platforms used for illegal online trade. The proliferation of encrypted communication channels and social media platforms allows criminals to easily advertise their illicit offers to a greater number of potential customers.”
Spreading disinformation on social media and messaging services to lure victims across the EU into scams is another popular tactic by organized crime.
The ability to easily buy cybercrime-as-a-service has also enabled otherwise untechnical criminals to pull fraud, distributed denial of service (DDoS), ransomware attacks and more, the report adds, pointing to successes of groups in the space like TrickBot with EMOTET and Ryuk.
“Cybercrime services can be purchased by paying a user fee, a rental fee or a percentage of the criminal profits,” Europol explained. “Criminal tools such as malware, ransomware, phishing facilitators, sniffers, skimmers and distributed denial-of-service (DDoS) attacks are offered online, especially on the dark web.”
And never underestimate the power of Google. How-to’s for almost anything imaginable can be accessed online.
“Manuals and tutorials on offer range from the production of synthetic drugs, the manufacture of crude firearms and improvised explosive devices, to all types of cybercrime activities,” the report added.
Other kinds of cybercrimes lining the pockets of organized criminals include Business Email Compromise (BEC), SIM swapping, phishing and cashless payment fraud, the report explained.
“The move toward cashless economies creates powerful incentives for payment fraudsters,” Europol said. “Cybercriminals seek to compromise online payments, internet and mobile banking, online payment requests, contactless payments (both card-present and not) and mobile applications.”
Cryptocurrency for Money Laundering
The report further explains that these organized crime groups use cryptocurrency for money laundering.
“Illicit proceeds may be already in the form of virtual currencies or digitally converted,” the report added. “New money laundering techniques relying on cryptocurrencies involve the use of mixing services and coin swappers.”
Encrypted communications channels are a must, but criminals are also turning to modified mobile devices without GPS, USB ports, camera or microphone, according to Europol.
“These services remove any association between the device or SIM card and the user,” Europol found in their investigation. “The encrypted interface is typically hidden and works as part of a dual operating system. These phones are sold via networks of underground resellers instead of being distributed via regular retail outlets.”
Looking forward, Europol recommends increased strategic management and investment in cybersecurity infrastructure across the EU: “Currently, Member States are progressing at different speeds in building up digital infrastructures; this may lead to potential vulnerabilities. Government services are increasingly delivered digitally, Europol predicted. Member States’ government authorities are likely to increasingly offer services digitally to cut costs and enhance their accessibility.”
Cryptocurrencies, mounting troves of personal data stored digitally and increased manipulation of public discourse could pose a threat to the fabric of the EU economy and society.
“Serious and organized crime deeply affects all layers of society; in addition to the direct impact on the daily lives of EU citizens, it also undermines the economy, state institutions and the rule of law,” Europol concluded.
Cybersecurity for multi-cloud environments is notoriously challenging. OSquery and CloudQuery is a solid answer. Join Uptycs and Threatpost on Tues., Nov. 16 at 2 p.m. ET for “An Intro to OSquery and CloudQuery,” a LIVE, interactive conversation with Eric Kaiser, Uptycs’ senior security engineer, about how this open-source tool can help tame security across your organization’s entire campus.