When it comes to the cyber threat landscape, change is the only constant: the inevitable interplay between cybercriminals and law enforcement agencies makes it inevitable.
Europol’s recently released Internet Organised Crime Threat Assessment (IOCTA) 2024 report covers events – law enforcement actions – that happened in the last 12 months (or so) and how the cyber threat landscape shifted because of them.
These actions include the Hive, LockBit and ALPHV/BlackCat takedowns, the takedowns and disruptions of cybercriminal forums, marketplaces and ransomware-delivery botnets, the arrests of dark web vendors, crackdowns on fraudulent investment platforms, and so on.
What changes have these and other events wrought?
According to Europol:
- Ransomware groups have disbanded and reorganised, and it’s harder to tell which threat actors are involved with which groups
- Ransomware-as-a-service (RaaS) providers are competing for affiliates and developers
- Ransomware groups are increasingly going after small and medium-sized businesses (SMBs), as less money to invest in cybersecurity makes for easier targets
- Dark web marketplaces have a shorter life span and others – or mirrors – are being set up soon after takeovers by law enforcement and exit scams
- Double extortion models are increasingly common (and even criminals aren’t safe from extortion attempts)
“The criminal landscape remains wide-ranging, comprising both lone actors and networks with various levels of expertise and capability. Some cybercriminals targeting the EU are EU-based, while others operate from abroad, concealing their illicit operations and funds in third countries,” Europol says.
Cybercriminals still love using Bitcoin (but altcoins are seemingly getting more popular), the Tor network, and end-to-end encryption (E2EE) messaging applications.
“E-merchants and bank institutions are the preferred victims of digital skimming attacks. Users continue to fall victim to phishing campaigns, BEC, investment and romance fraud. The number of cases of online sexual extortion targeting vulnerable minors is on the increase,” Europol added.
AI tech creates opportunities
Opportunity makes the thief, and new and increasingly accessible technologies and solutions are lowering the entry barrier to cybercrime. AI-releated technologies are the main worry now.
Cyber criminals incresingly offering and using malicious large language models (LLMs) for developing attack scripts and creating phishing emails, creating deepfakes (fraud, child sexual exploitation materials, cyberbullying), and more.
“The growing number of LLMs without prompt filtering which emerged recently is set to multiply and there will likely be more and more AI-generated advertisements luring in potential victims to online fraud,” the organizations noted.
“AI being used to improve criminal methods and scripts (e.g. to hack digital exchanges and liquidity protocols in order to steal funds) is another possible scenario. Abuse of LLMs might allow criminals to overcome language barriers so that sex offenders are able to groom victims virtually in any language, impersonating peers and interacting in a way that the victim perceives as natural and believable.”