资源描述:
INTERNET ORGANISED CRIME THREAT ASSESSMENTINTERNET ORGANISED CRIME THREAT ASSESSMENT IOCTA 2018 © European Union Agency for Law Enforcement Cooperation 2018. Reproduction is authorised provided the source is acknowledged. For any use or reproduction of individual photos, permission must be sought directly from the copyright holders.This publication and more ination on Europol are available on the Internet. ISBN 978-92-95200-94-4 ISSN 2363-1627 DOI 10.2813/858843 QL-AL-18-001-EN-N www.europol.europa.eucontents foreword 04 abbreviations 05 cutive summary 06 1 / key findings 09 2 / recommendations 11 3 / introduction 14 4 / crime priority cyber-dependent crime 5 / crime priority child sexual exploitation online 4.1. Key findings 16 4.2. Malware 16 4.3. Attacks on critical infrastructure 21 4.4. Data breaches and network attacks 22 4.5. Future threats and developments 26 4.6. Recommendations 29 5.1. Key findings 31 5.2. The availability and online distribution of CSEM 33 5.3. The online organisation of offenders 34 5.4. Online sexual coercion and extortion 35 5.5. Live streaming of child sexual abuse 33 5.6. Future threats and developments 375.7. Recommendations 38 6 / crime priority payment fraud 6.1. Key findings 40 6.2. Card-present fraud 40 6.3. Card-not-present fraud 43 6.4. Other categories of payment fraud 44 6.5. Future threats and developments 45 6.6. Recommendations 45 7 / crime priority online criminal markets 7.1. Key findings 47 7.2. Darknet markets 47 7.3. Future threats and developments 50 7.4. Recommendations 50 8 / the convergence of cyber and terrorism 8.1. Key findings 52 8.2. The use of the internet by terrorist groups 52 8.3. Recommendations 53 9 / cross-cutting crime factors 9.1. Key findings 55 9.2. Social engineering 55 9.3. Criminal finances 57 9.4. Common challenges for law enforcement 60 9.5. Future threats and developments 61 9.6. Recommendations 64 10 / the geographic distribution of cybercrime 10.1. The Americas 66 10.2. Europe 67 10.3. The Middle East and Africa 67 10.4. Asia 68 10.5. Oceania 68 references 69foreword It is my pleasure to introduce the 2018 Internet Organised Crime Threat Assessment IOCTA, which has been and continues to be one of the flagship strategic products for Europol. It provides a unique law enforcement focused assessment of the emerging threats and key developments in the field of cybercrime over the last year. This is of course only possible thanks to the invaluable contributions from European law enforcement and the ongoing support we receive from our partners in private industry, the financial sector and academia. Each year the report highlights cyber-attacks of an unprecedented scope and scale. This year is no different, demonstrating the continuing need for greater cooperation and collaboration within our law enforcement community, an ethos at the very heart of Europol’s mission. The report also brings to our attention previously underestimated threats, such as telecommunication frauds, demonstrating the necessity for law enforcement to constantly adapt and develop and the need for continued training in all aspects of cybercrime. This report embodies Europol’s keywords trust, sharing and cooperation. While some cyber-attacks continue to grab headlines with their magnitude, other areas of cybercrime are no less of a threat or concern. Payment fraud continues to emphasise criminal gains and the facilitation of other crimes, as well as significant financial losses for citizens and financial institutions alike. Online child sexual exploitation epitomises the worst aspects of the internet and highlights the ever present danger to our children from those who would seek to exploit or abuse them. The fight against this heinous crime must continue unabated. After all, every child, wherever they are in the world, has the right to grow up in a safe environment. This year’s report also describes a number of key legislative and technological developments, such as the introduction of the General Data Protection Regulation GDPR, the Network and Ination Security NIS directive and 5G technology. While these developments are positive, all will in some way impact on our ability as law enforcement officers to effectively investigate cybercrime. This emphasises the need for law enforcement to engage with policy makers, legislators and industry, in order to have a voice in how our society develops. The IOCTA also celebrates the many successes of law enforcement in the fight against cybercrime. As long as European Union law enforcement continues to grow and evolve and to forge new bonds with global partners in both the public and private sector, I am confident that we can continue to report such successes for years to come. Catherine De Bolle cutive Director of Europol IOCTA 2018 internet organised crime threat assessment 4 Only if law enforcement, the private sector and the academic world work together closely, can cybercrime be combated effectively.abbreviations ACS Automated Card Shop AI Artificial Intelligence APT Advanced Persistent Threat APWG Anti-Phishing Working Group ASCS Australian Cyber Security Center ATM Automated Teller Machine BEC Business Email Compromise ccTLD country code Top Level Domains CAV Counter Anti-Virus CEO Chief cutive Officer CERT Computer Emergency Response Team CNP Card-Not-Present CSEM Child Sexual Exploitation Material CSE Child Sexual Exploitation CSIRT Computer Security Incident Response Team CTB Curve-Tor-Bitcoin DDoS Distributed Denial of Service DEA United States Drug Enforcement Agency DPA Data Protection Agency DSP Digital Service Providers EBF European Banking Federation EC3 European Cybercrime Centre EMCDDA European Monitoring Centre for Drugs and Drug Addiction EMMA European Money Mule Actions EMPACT European Multidisciplinary Plat Against Criminal Threats EMV Europay, MasterCard and Visa ENISA European Union Agency for Network and Ination Security EK Exploit Kits EPC European Payment Council EPT Electronic Payment Terminal EUCTF European Cybercrime Task Force FSAG Europol Financial Services Advisory Group FBI United States Federal Bureau of Investigation GAAD Global Airport Action Days GDPR General Data Protection Regulation GPS Global Positioning System GSMA Global System for Mobile Communications Association gTLD Generic Top Level Domain HTTPS HyperText Transfer Protocol Secure I2P Invisible Internet Project ICANN Internet Corporation for Assigned Names and Numbers ICS Industrial Control Systems ICT Ination and Communications Technology IOCTA Internet Organised Crime Threat Assessment IOS In Our Sites IoT Internet of Things IP Internet Protocol IPC³ Intellectual Property Crime Coordinated Coalition IRSF International Revenue Share Fraud IS Islamic State ISAG Europol Internet Security Advisory Group ISP Internet Service Provider IVTS Inal Value Transfer System IWF Internet Watch Foundation J-CAT Joint Cybercrime Action Taskforce KYC Know Your Customer LDCA Live Distant Child Abuse NCMEC National Center for Missing and Exploited Children NIS Network and Ination Systems NSA National Security Agency OCG Organised Crime Group OES Operators of Essential Services OSP Online Service Providers P2P Peer to Peer or People to People PBX Private Branch Exchange PITA Pacific Island Telecommunication Association PoS Point of Sale PSD Payment Services Directive RAMP Russian Anonymous Marketplace RAT Remote Access Trojan RDP Remote Desktop Protocols RIG EK RIG Exploit Kit SCADA Supervisory control and data acquisition SEPA Single Euro Payments Area SGEM Self-Generated Explicit Material SIENA Secure Ination Exchange Network Application SMS Short Message Service SSL Secure Sockets Layers SWIFT Society for Worldwide Interbank Financial Telecommunications Tor The Onion Router TPP Third Party Provider URL Uni Resource Locator VPN Virtual Private Network IOCTA 2018 abbreviations 5For the fifth year in a row, Europol has produced the Internet Organised Crime Threat Assessment IOCTA. The aim of this Assessment is to provide a comprehensive overview of the current, as well as anticipated future threats and trends of crimes conducted and/or facilitated online. While current events demonstrate how cybercrime continues to evolve, this year’s IOCTA shows us how law enforcement has to battle both innovative as well as persistent s of cybercrime. Many areas of the report therefore build upon previous editions, which emphasises the longevity of the many facets of cybercrime. It is also a testimony to an established cybercrime business model, where there is no need to change a successful modus operandi. The report also highlights the many challenges associated with the fight against cybercrime, both from a law enforcement and, where applicable, a private sector perspective. IOCTA 2018 cutive summary 6 cutive summaryRansomware retains its dominance Even though the growth of ransomware is beginning to slow, ransomware is still overtaking banking Trojans in financially- motivated malware attacks, a trend anticipated to continue over the following years. In addition to attacks by financially motivated criminals, a significant volume of public reporting increasingly attributes global cyber-attacks to the actions of nation states. Mobile malware has not been extensively reported in 2017, but this has been identified as an anticipated future threat for private and public entities alike. Illegal acquisition of data following data breaches is a prominent threat. Criminals often use the obtained data to facilitate further criminal activity. In 2017, the biggest data breach concerned Equifax, affecting more than 100 million credit users worldwide. With the EU GDPR coming into effect in May 2018, the reporting of data breaches is now a legal requirement across the EU, bringing with it hefty fines and new threats and challenges. DDoS continues to plague public and private organisations Criminals continue to use Distributed-Denial-of-Service DDoS attacks as a tool against private business and the public sector. Such attacks are used not only for financial gains but for ideological, political or purely malicious reason. This type of attack is not only one of the most frequent second only to malware in 2017; it is also becoming more accessible, low-cost and low-risk. Production of CSEM continues The amount of detected online Child Sexual Exploitation Material CSEM, including Self-Generated Explicit Material SGEM, continues to increase. Although most CSEM is still shared through P2P plats, more extreme material is increasingly found on the Darknet. Meanwhile, Live Distant Child Abuse LDCA, facilitated by growing internet connectivity worldwide, continues to be a particularly complex of online CSE to investigate due to the technologies and jurisdictions involved. As increasing numbers of young children have access to internet and social media plats, the risk of online sexual coercion and extortion continues to rise. The popularity of social media applications with embedded streaming possibilities has resulted in a significant increase in the amount of SGEM live streamed on these plats. Card-not-present fraud dominates payment fraud but skimming continues Skimming remains a common issue in most of the EU Member States. However, as in previous years, this continues to decrease as a result of geoblocking measures. Skimmed card data is often sold via the Darknet and cashed out in areas where Europay, MasterCard and Visa EMV implementation is either slow or non-existent. Toll fraud has received a considerable amount of attention this year, with criminal groups using counterfeit fuel and credit/debit cards to avoid paying toll fees. Many Member States also reported an increase in the creation of fake companies to access and abuse Points of Sale PoS, as well as profit from compromised ination. Meanwhile, card- not-present fraud continues to be a key threat for EU Member States, with the transport and retail sectors highlighted as key targets within the EU. IOCTA 2018 cutive summary 7As criminal abuse of cryptocurrencies grows, currency users and exchangers become targets Previous reports indicated that criminals increasingly abuse cryptocurrencies to fund criminal activities. While Bitcoin has lost its majority of the overall cryptocurrency market share, it still remains the primary cryptocurrency encountered by law enforcement. In a trend mirroring attacks on banks and their customers, cryptocurrency users and facilitators have become victims of cybercrimes themselves. Currency exchangers, mining services and other wallet holders are facing hacking attempts as well as extortion of personal data and theft. Money launderers have evolved to use cryptocurrencies in their operations and are increasingly facilitated by new developments such as decentralised exchanges which allow exchanges without any Know Your Customer requirements. It is likely that high-privacy cryptocurrencies will make the current mixing services and tumblers obsolete. IOCTA 2018 cutive summary 8 Cryptojacking a new cybercrime trend Cryptojacking is an emerging cybercrime trend, referring to the exploitation of internet users’ bandwidth and processing power to mine cryptocurrencies. While it is not illegal in some cases, it nonetheless creates additional revenue streams and therefore motivation for attackers to hack legitimate websites to exploit their visitor’s systems. Actual cryptomining malware works to the same effect, but can cripple a victims system by monopolising their processing power. Social engineering still the engine of many cybercrimes The significance of social engineering for cyber-dependent and cyber-enabled crime continues to grow. Phishing via email remains the most frequent of social engineering, with vishing via telephone and smishing via SMS less common. Criminals use social engineering to achieve a range of goals to obtain personal data, hijack accounts, steal identities, initiate illegitimate payments, or convince the victim to proceed with any other activity against their self- interest, such as transferring money or sharing personal data. Shutters close on major Darknet markets, but business continues The Darknet will continue to facilitate online criminal markets, where criminals sell illicit products in order to engage in other criminal activity or avoid surface net traceability. In 2017, law enforcement agencies shut down three of the largest Darknet markets AlphaBay, Hansa and RAMP. These takedowns prompted the migration of users towards existing or newly- established markets, or to other plats entirely, such as encrypted communications apps. Although cybercrime continues to be a major threat to the EU, last year again saw some remarkable law enforcement success. Cooperation between law enforcement agencies, private industry, the financial sector and academia is
展开阅读全文