The 2015 Internet Organised Crime Threat Assessment (IOCTA), the annual presentation of the cybercrime threat landscape by Europol’s European Cybercrime Centre (EC3), covers the key developments, changes and emerging threats in the field of cybercrime for the period under consideration.
It offers a view predominantly from a law enforcement perspective, highlighting a number of operational successes, and is based on contributions by EU Member States and the expert input of Europol staff, which has been further enhanced and combined with input from private industry, the financial sector and academia.
The assessment highlights important developments in several areas of online crime:
- Cybercrime is becoming more aggressive and confrontational, suggesting changes in the profile of cybercrime offenders and increasing the psychological impact on victims.
- Malware, particularly ransomware, remains a key threat for private citizens and businesses both in terms of quantity and impact.
- The lack of digital hygiene and security awareness contributes to the long lifecycle of exploit kits using well-known attack vectors but also provides new attack vectors as the number of devices in the Internet of Things grows.
- Growing Internet coverage in developing countries and the development of pay-as-you-go streaming solutions providing a high degree of anonymity to the viewer, are furthering the trend in the commercial live streaming of child sexual abuse.
- The use of anonymisation and encryption technologies is widening. Attackers and abusers use these to protect their identities, communications, data and payment methods.
The report identifies a number of key recommendations to address these developments:
- The continuation of close law enforcement cooperation in targeting the key criminal networks and criminal facilitators for cybercrime with a special focus on cross cutting crime enablers such as bulletproof hosting and laundering services.
- Law enforcement should seek to actively engage in and share the success of multi-stakeholder initiatives such as Europol's Airline Action Days and E-commerce initiative.
- Adequate resources should be given to prevention strategies to raise awareness of cybercrime and increase standards in online safety and information security.
- Law enforcement requires the tools, training and resources to effectively investigate complex cybercrime cases and the underlying criminal structures as well as to deal with high-volume crime.
- It is essential for law enforcement to build and develop working relationships with EU and non-EU partners in law enforcement, private industry and academia, and to promote the lawful exchange of information and intelligence in relation to criminal activity.
- In collaboration with the private sector and academia, law enforcement needs to explore investigative and research opportunities related to emerging technologies such as decentralised marketplaces, artificial intelligence and blockchain technology.