Committee on Security and Defense (SEDE)
The 2020 Internet Organised Crime Threat Assessment (IOCTA) stated that existing problems regarding cybercrime have been exacerbated by the COVID-19 pandemic. With cybercriminals taking advantage of the crisis situation, what further steps should the EU take in the fight against internet crime?
Chairperson: Jennah Said (NL)
INTRODUCTION
During the pandemic, many European Union (EU) citizens turned towards the internet to find a sense of normality during times in which nothing felt normal. From shopping to working, everything had to be shifted to online platforms on a far larger scale than we have ever witnessed before. Unfortunately, the Internet Organised Crime Threat Assessment (IOCTA) that Europol[1] published in 2020 showed that cybercriminals have been taking advantage of said citizens when they were at their most vulnerable and everyone’s attention was diverted to the health sector. As the existing problems regarding cybercrime have significantly worsened over the course of the COVID-19 pandemic, cybersecurity becomes relevant to our defense and security at the individual, national and EU level.
[1] The European Union Agency for Law Enforcement Cooperation, better known under the name Europol, is the law enforcement agency of the EU.
The IOCTA 2020 report clearly identifies cybercrime as a major aspect of the European criminal scene. Cybercrime continues to be one of the most dynamic kinds of crime addressed by EU law enforcement. Criminals took advantage of the crisis as the rest of society was striving to contain it, from social engineering, in particular phishing[2], to Distributed Denial of Service (DDoS)[3] attacks, and from ransomware to the spread of child sexual abuse material (CSAM). While ransomware, corporate email breach, and social engineering are all well-known cybercrime concerns, their execution changes all the time, making them more difficult to identify and analyse. Ransomware, in particular, continues to be a top priority problem for EU cyber investigators. The quantity of online CSAM identified is continuing to rise, worsened by the COVID-19 epidemic, which has had major effects on law enforcement authorities’ investigation capabilities. The case studies that accompany this report highlight the importance and efficacy of international law enforcement collaboration in combating cybercrime, as well as the critical role that private-public partnerships play in this field.
[2] Phishing is a type of social engineering where an attacker sends a fraudulent message designed to trick a human victim into revealing sensitive information to the attacker or into deploying malicious software, such as ransomware, on the victim’s infrastructure.
[3] A Distributed Denial of Service (DDoS) attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
KEY TERMS
- The Internet Organised Crime Threat Assessment (IOCTA) is Europol’s flagship strategic product, aiming to map the threat landscape of cybercrime and understand how law enforcement can counter it.
- Cybercriminals are individuals or teams of people who use technology to commit malicious activities on digital systems or networks with the intention of stealing sensitive company information or personal data, and generating profit.
- In the context of information security, social engineering is the psychological manipulation of people into performing actions or divulging confidential information.
- Ransomware is a type of malware that encrypts data on a device, making the files, and the systems that rely on them, unusable. Cybercriminals added a degree of complexity to this by threatening to auction off the sensitive information, increasing the pressure on victims to pay a ransom to prevent that from happening.
- Encryption is a method of safeguarding digital data that involves the use of one or more mathematical procedures, as well as a password or “key” to decode the data. The encryption procedure converts data using an algorithm that renders the original data unreadable.
MAIN ACTORS
- The European Union Agency for Cybersecurity (ENISA) is an agency tasked with ensuring a high level of cybersecurity across Europe by contributing to EU cyber policy and assisting Europe in preparing for future cyber threats. ENISA collaborates with its major stakeholders to keep Europe’s society and citizens safe online through knowledge sharing.
- The European Cybercrime Centre (EC3) was founded in 2013 by Europol, the European Union’s law enforcement agency, to “assist in the protection of European individuals, companies, and governments against online crime.” Since its founding, it has been involved in high-profile operations as well as on-the-ground operational assistance, and from 2018 to 2021, it has made cybercrime one of its top priorities.
- In October 2017, the European Parliament passed a resolution on cybercrime, emphasising that combating cybercrime should focus first and foremost on securing and hardening vital infrastructures and other networked devices, rather than pursuing punitive measures.
- Internet users in the EU, generally EU citizens, who might fall victim to cybercriminals due to unawareness of the dangers that lurk on the internet.
- Private industries that are in danger of getting their data stolen by cybercriminals with the use of malware.[4]
[4] Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network.
MEASURES IN PLACE
ENISA was given responsibility for improving operational collaboration at the EU level when the EU Cybersecurity Act was passed in 2019. The EU Cybersecurity Act strengthened ENISA and established a cybersecurity certification structure for goods and services. It gave ENISA a permanent mandate, as well as increased resources and new responsibilities. ENISA is in charge of assisting Member States who request assistance in dealing with cybersecurity incidents and cyberattacks. ENISA plays a critical role in the establishment and maintenance of the European cybersecurity certification framework by laying the technological foundation for specialised certification schemes.[5] Through a dedicated website, it educates the public about the certification schemes and awarded certificates.
[5] The certification framework will provide EU-wide certification schemes as a comprehensive set of rules, technical requirements, standards and procedures. It will attest that ICT products and services that have been certified in accordance with such a scheme comply with specified requirements.
The European Commission submitted a new cybersecurity strategy in December 2020. The goal of the plan is to strengthen Europe’s collective resistance against cyber attacks. This strategy strives to ensure that the internal market functions properly and that the Union has a high degree of cybersecurity, cyber resilience, and trust. During the adoption of the law, the European Parliament emphasised the significance of a coordinated response to cyber-attacks, which was aided by the European Union Agency for Cybersecurity’s expertise. This will also make operational collaboration between EU nations easier. The Commission specifically proposed legislation on network and information system security, as well as critical infrastructure protection. Both proposals aim to address both cyber and physical resilience of vital entities and networks, and they are currently being worked on by the European Parliament and EU governments.
EU countries developed a sanctions framework for cyber-attacks originating outside the EU in May 2019, allowing them to impose sanctions on cybercriminals and acting as a deterrence by raising the repercussions of launching a cyber-attack against EU countries or international organisations.
Many organisations have been founded to fight against cybercrime. An example of such an organisation is the CyberPeace Foundation, which engages in policy advocacy, research, and training on all areas of cybersecurity and peace. Technology Governance, Policy Review and Advocacy, Capacity and Capability Creation and Building through collaborations with various government bodies, academic institutions, and civil society groups are key areas of activity for the CyberPeace Foundation.
Another example of such an organisation is the European Cybercrime Training and Education Group (ECTEG), which works in close cooperation with the EC3 and the European Union Agency for Law Enforcement Training (CEPOL)[6], both as advisory groups, and is funded by the European Commission. ECTEG is made up of law enforcement agencies from EU and European Economic Area member states, international agencies, academia, private sector, and experts.
[6] CEPOL is an agency of the European Union dedicated to training law enforcement officials.
KEY CONFLICTS
Considering the magnitude of the damage that ransomware can inflict, victims seem to be hesitant to inform law enforcement or the general public when they have been harmed, making it more difficult to detect and investigate such incidents. Criminals continued to narrow the scope of their ransomware operations. By having the ability to attack supply chains and third-party service providers, ransomware has proven to be a substantial indirect danger to businesses and organisations, including essential infrastructure. One of the most important advancements is a new method of forcing victims into paying a ransom by stealing and then threatening to sell off their sensitive data. Re-victimising victims after a cyber-attack is counterproductive and a significant challenge, as law enforcement needs companies and individuals who have been subject of a crime to come forward. These challenges with the reporting of cybercrime hinder the ability to create an accurate overview of crime prevalence across the EU.
For numerous years, law enforcement’s capacity to get access to and acquire important data for criminal investigations has been challenged by the advancement and expanded use of certain technical innovations. One of the most notable instances in this respect is the widespread usage of encryption, which has numerous security benefits but has also been a development that criminals have eagerly taken advantage of.
The Domain Name System (DNS) over Hypertext Transfer Protocol Secure (HTTPS) is an example of extensive encryption use. The DNS is one of the most essential databases in internet infrastructure. Concerns about DNS traffic being monitored have led to the standardisation of current DNS resolution protocols that utilise encryption. “DNS over HTTPS” (DoH) is one of the protocols that has grown in popularity and usage since it was made the default configuration on the application level.
The utilisation of encryption in these systems has made it harder for law enforcement to access sensitive data. In addition, countries hosting the majority of DoH service providers will receive the vast majority of internet DNS lookups, as opposed to the previous national decentralisation of these sensitive queries. As a result, the majority of criminal investigations will include foreign legal petitions to those governments.
Furthermore, the use of encrypted chat and video apps and industry proposals to expand this market pose a substantial risk for abuse and make it more difficult for law enforcement to detect and investigate online CSA activities. Organised crime is increasingly lured to encrypted communication networks that are nearly impossible for law enforcement authorities to access, posing a significant threat to public safety. Because of the criminals’ use of developing technologies and the opportunity that new technology may provide for law enforcement, more serious thought is necessary outside law enforcement cooperation.
Ransomware was once again recognised as a top priority concern by the vast majority of law enforcement responders. Despite the fact that it has been included in previous editions of the IOCTA, ransomware remains one of, if not the most, prevalent risks, particularly for public and private organisations both inside and outside of Europe. Criminals have continued narrowing the scope of their ransomware operations. By having the ability to attack supply chains and third-party service providers, ransomware has proven to be a substantial indirect danger to businesses and organisations, including essential infrastructure. One of the most important advancements is a new method of forcing victims into paying a ransom by stealing and then threatening to sell off their sensitive data. Apart from ransomware, European law enforcement agencies noted that malware in general was prevalent in cybercrime cases. Some classic banking Trojans have been repurposed as more complex modular malware to cover a wider range of functions. These advanced kinds of modular malware are a major concern in the EU, especially because their adaptable and extendable nature makes them more difficult to tackle.
FOOD FOR THOUGHT
As the pandemic has caused a rise in cybercrimes all over Europe and cybercriminals have taken advantage of the diversion of attention to the health sector, the EU has to step up and ensure the safety of not only its citizens, but of the private sector and governmental institutions too.
Just to get you to think some more about this topic, here are some questions you can ask yourself. Think carefully and decide on the most suitable course of action:
- There is a need to foster a culture of acceptance and transparency when organisations or individuals fall victim to cybercrime. How can the EU encourage the creation of such a culture so that law enforcement agencies can detect and investigate cybercrime incidents more easily?
- Despite the growing sophistication of cyber criminals, the majority of successful social engineering and phishing attacks are due to insufficient awareness of users. How can the EU ensure that users of the internet become more aware of the dangers that lurk there? How can the EU successfully protect these users, especially regarding the fact that more advanced forms of malware have emerged?
- With the use of video chat applications in payment systems, it is harder for law enforcement agencies to apprehend offenders that deal with CSAM as the material is not recorded. What methods could the law enforcement agencies apply in order to still be able to apprehend these offenders?
- It is becoming more and more challenging for law enforcement agencies to access and gather relevant data for criminal investigations due to the widespread use of encryption in private industry. What could the EU do to ensure that law enforcement agencies will be able to access the data that they need for crucial breakthroughs in their investigations?
LINKS FOR FURTHER RESEARCH
- INTERNET ORGANISED CRIME THREAT ASSESSMENT (IOCTA) 2020 (2020) – this video gives a clear explanation and expansion of what is discussed in the IOCTA and the site has a link to the IOCTA document underneath the video
- COVID-19 SPARKS UPWARD TREND IN CYBERCRIME (2020) – this article clearly states the most important threats stated in the IOCTA
- Cybercrime – this page explains what cybercrime is and gives an overview of all that is happening in the EU relating to cybercrime
- The EU Cybersecurity Act – this page explains what the EU Cybersecurity Act is and what its objectives are