Reports prepared by the European Police Agency Europol and the UK's National Crime Agency (NCA) reveal areas where cybercriminals are concentrated. ESET experts examined the cyber crimes that attracted attention in the reports. ESET experts said, “For years, state-sponsored activities and cyber crimes have been carried out in different areas. The first was based on cyber espionage or disruptive attacks designed for geopolitical and military purposes. The second was for the sole purpose of making money. According to experts, the convergence between these two elements by the NCA is worrying. It doesn't stop with some actors using cybercrime techniques to steal money on behalf of the state; Some governments are also turning a blind eye to the activities of ransomware and other groups, according to reports.” he said.
“Data theft fuels fraud epidemic”
Stating that fraud now accounts for 40 percent of all crimes in the UK, according to the NCA, ESET experts said, “The unit announced that three quarters of adults will be targeted by phone, in person or online in 2022. This is due to the constant stream of compromised data being delivered to darknet markets. Europol goes further and claims that data is the “core product” of the cybercrime economy, fueling extortion cases, social engineering and much more. According to Europol, the data sold on such markets is not just basic information such as card details, but is compiled from multiple data points from the victim's device. “From data theft to fraud, the cybercrime supply chain can involve many different actors, from initial access agents (IABs) to vendors of anti-malware and encryption services.” said.
This service-based economy is surprisingly effective, ESET experts underline, but the NCA also highlighted that these professional services can also assist law enforcement by “providing a rich audience that, when disrupted, has a disproportionate impact on the criminal ecosystem.”
”The same victims are targeted more than once”
ESET experts say that, depending on the way cybercrime works today, even organizations that have been attacked and compromised cannot breathe easy, saying 'we are over the worst'. "Because IABs sell access to the same organizations to multiple different threat actors. There is no mention of any written agreement or binding. Europol says this means the same exposed corporate credentials can circulate among multiple threat actors. Scammers are also getting better at maximizing their profits from victims. Investment fraudsters may contact victims after stealing their money and pose as lawyers or police. He impersonates trusted officials and offers assistance to these companies, which have not yet recovered from the shock, for a fee.” he said.
“Phishing remains surprisingly effective.”
ESET experts say, "Phishing has been the most important threat factor for many years." “It remains a preferred way to obtain login and personal information as well as covertly distribute malware. Europol states that it continues to be popular and effective because the weakest link in the security chain is humans. According to the report, the most common ways to access corporate networks are; Remote desktop protocol (RDP) and VPN exploits are prominent as malware-laden phishing emails. The widespread use of phishing tools helps both automate and lower the bar for less technically skilled cybercriminals. Europol also warns that generative AI tools are already being used to create artificial montage videos and write more realistic-looking phishing messages.” he said.
“Criminal behavior is becoming more and more normalized among young people.”
ESET experts say that sites on the dark web are a place where not only stolen data and hacking tools are traded, but also information. “According to Europol, this situation continues today. Users are searching for suggestions on how to avoid detection and make their attacks more effective. Educational videos and how-to guides provide help on scam campaigns, money laundering, phishing, malware and more. Perhaps more worrying, according to Europol, is that underground sites and forums, some of which also operate on the surface web, are also used to recruit new candidates. Young people are particularly at risk: a 2022 report cited by Europol claims that 69 percent of European youth have engaged in at least one form of cybercrime or online harm or risk, including money laundering and digital hacking.” said.