How should the fight against cybercrime be carried out?

New reports by Europol and the UK's National Crime Agency (NCA) shed light on how the fight against cybercrime should be conducted.

Against agile and increasingly well-resourced adversaries, security forces remain an integral part of the fight. Consumers and businesses can and should continue to build their defenses. An important role for business owners in this area is to investigate emerging threats and add the necessary layers of protection to their products. Indeed, manufacturers can help police track, block, and take down attacker, ultimately sending the message that it's not good to get involved in cybercrime.

New reports by Europol and the UK's National Crime Unit (NCA) shed light on how this fight is being fought. At the same time, these reports provide the threat landscape with very useful information from the people and organizations that are at the very center of the action. There are many lessons to be learned in the reports for IT managers and consumers.

5 cybercrime trends to watch out for

Nation-states working in tandem with cybercrime

For years, state-sponsored activities and cybercrime have been carried out in different areas. The first was on the basis of cyber espionage and/or subversive attacks designed for geopolitical and military purposes. The second was only for the purpose of earning money.

It is worrying that the NCA is seeing a growing rapprochement between these two elements. Obviously, it doesn't just end with some actors using cybercrime techniques to steal money on behalf of the state. At the same time, some governments turn a blind eye to the activities of ransomware and other groups.

NCA president Graeme Biggar said, "Over the past year, we've started to see hostile states using organized crime groups (and sometimes people of different nationalities) as tools. This is a development that we are following closely with our colleagues in MI5 and CT (counter-terrorism) policing."

This is not the first time that experts in the field, including HP, have recognized the growing link between organized crime and nation-states. In fact, just three months ago, ESET researchers published an article about the interesting case of a group called Asylum Ambuscade, which stands on the line between crime and espionage.

However, if the strategy becomes more widespread, it will be more difficult to correlate breaches, and at the same time, the potential for criminal groups to be empowered with more sophisticated technical information will increase.

Data theft triggers fraud epidemic

According to the NCA, fraud now accounts for 40% of all crime in the UK. In 2022, three-quarters of adults were targeted by phone, in person or online, the unit said. This is partly due to the constant influx of hijacked data that is being offered to darknet markets. Europol goes further, claiming that data is the "core product" of the cybercrime economy, fueling cases of extortion (e.g. ransomware), social engineering (e.g. phishing) and much more.

According to Europol, the data sold on such marketplaces is increasingly not just basic information such as card details, but is also compiled from multiple data points taken from the victim's device. From data theft to fraud, the cybercrime supply chain can involve many different actors, from first access agents (IABs) and bulletproof hosting providers to vendors of malware protection and encryption services.

This service-based economy is surprisingly effective. However, the NCA also underlines that these professional services can also help law enforcement by "providing a rich target audience that, when disrupted, has a disproportionate impact on the criminal ecosystem."

The same victims are targeted multiple times

With the way cybercrime works today, even organizations that have been hacked and compromised can't breathe a sigh of relief saying 'we've survived the worst'. Reason? That's because IABs sell access to the same organizations to multiple different threat actors, and there's no written agreement or binding. Europol says this means that the same exposed corporate credentials can circulate between multiple threat actors.

Scammers are also getting better at maximizing their earnings from victims. Investment scammers can contact victims after stealing their money, but this time pretending to be lawyers or police. Not yet over the shock, he offers help to this company for a fee, impersonating trusted officials.