Cyber-criminals have continued to adapt and grow in sophistication over the past year, to stay hidden on the dark web and cause maximum damage with ransomware attacks, according to Europol.
Ransomware remains “the most dominant threat” today and is becoming more dangerous as cyber-criminals continue to target their attacks with sophisticated, multi-stage raids starting with reconnaissance.
Europol warned that the combination of ransomware and third-party providers is a “lethal” one as it can damage entire supply chains, with threats to wipe or auction stolen data turning the heat up further on victim organizations.
Widespread under-reporting is also hampering law enforcement efforts as victims look to limit reputational damage, it claimed in the Internet Organised Crime Threat Assessment (IOCTA) 2020 report.
“Negative publicity leading to reputational fallout may lead to re-victimization, which may prevent victims from coming forward to law enforcement authorities with information which could be crucial in identifying and catching the perpetrators,” Europol said.
“Victims prefer to engage with private sector security firms for investigating the attack or negotiating with the extortionists to manage the crises triggered by ransomware (some IT security firms hire specialist negotiators, some of whom get discounts from organized crime groups). Some of the companies that negotiate the ransom payment are working on the edge of legality, as they have developed a trusted business relationship with the ransomware actors.”
Cyber-criminals are also getting better at hiding their activity on the dark web, despite major disruption to underground marketplaces.
A series of 2019 takedowns and the recent closure of Empire Market may have appeared as if law enforcement had the upper hand, but the cybercrime community is rallying, according to Europol.
"Darkweb administrators have been observed pulling together and showing a collaborative spirit to maintain the environment under challenging circumstances," it claimed.
"When faced with similar challenges, forum and service administrators have been seen working more closely together over sharing code and security methodologies (i.e. anti-DDoS measures, avoiding scams, creating trust-building sites to help users navigate vendors across different marketplaces)."
These efforts have been enhanced with new security approaches including the appearance of wallet-less and user-less markets, multi-signature crypto-currency wallets, no JavaScript policies, Sonar and Elude for secure email, and Telegram, Discord and Wickr for other encrypted comms.
Surface e-commerce web sites are also being used in growing numbers to advertise their products and services, said Europol.