The European Union’s policing agency Europol has released its ninth Internet Organised Crime Assessment.
The 14-page document noted how the invasion of Ukraine also showed once again cyber criminals’ adaptability and opportunism. “Online fraudsters responded swiftly to the circumstances and exploited the crisis by developing a variety of narratives related to it. They targeted victims across the EU under the guise of supporting Ukraine,” the assessment said.
Virtual Private Networks (VPNs) are the most common services such criminals use to shield communication and Internet browsing by masking identities, locations and the infrastructure of their operations. VPNs cater to malware operators, fraudsters, child sexual exploitation (CSE) offenders and any other illicit cyber acts. Cybercrime services are widely available and have a well-established online presence, according to the document. As an example, initial access brokers (IABs) and dropper-services cater to a variety of cybercriminals for use in ransomware attacks and online frauds.
Europol gave the example of VPNLab, one of the most prolific services used by cyber criminals and advertised on the dark web, taken down by law enforcement in January 2022, including police in the UK.
The central commodity of this illicit economy is stolen data, bought for and produced by cyber-attacks, Europol said. “Affiliates of ransomware programmes, fraudsters and hackers seek victim information for gaining access to their systems and bank accounts. Criminal markets are booming with stolen credentials and victim data produced by the aforementioned actors through compromising databases and social engineering techniques.”
Victim information is often monetised to its full extent – meaning that it can be sold to several buyers and can lead to targets being re-victimised, the assessment warned. Dark web forums are an important source for gathering information on operational security (OpSec) such as how to avoid detection, besides the recruitment of affiliates (to carry out ransomware attacks and earn some of the ransom, typically 20 to 40 per cent), pen-testers, company insiders and ‘money mules’ to carry out laundering of proceeds of crime. The victims of frauds may even unwittingly be used as money mules. Online fraudsters may use of gambling platforms to launder profits.
Comment
Andy Zollo, RVP for EMEA at the cyber firm Imperva said: “The fact that so many cybercriminals are now operating co-dependent services is further evidence of how complex the cybercrime industry has become, and demonstrates the need for organisations to have cohesive security strategies in place that can protect applications, APIs, and their sensitive data. However, the flip side is that the growing co-dependency among cybercriminals means that if businesses are able to disrupt any part of the cybercrime supply chain, it can make a significant difference to their overall security posture. Even one solution or initiative, if well-targeted, can be enough to help break the cycle.”
