Europol's 2024 IOCTA Report reveals the major cyber threats of 2023, like the rising ransomware attacks on small and medium-sized businesses and AI use by cybercriminals.
On July 22, 2024, Europol released its 10th annual Internet Organised Crime Threat Assessment (IOCTA), which reports on the new threats and trends in the EU’s cybercrime space that emerged in 2023. According to the document, “the most threatening manifestations of cybercrime” were ransomware attacks, child sexual exploitation (CSE), and online fraud.
One significant aspect the IOCTA highlights is the role of cryptocurrencies in financial crimes, especially investment fraud and money laundering. This is partially because of the increased media attention around crypto investments. The most popular cryptocurrency in ransomware transactions is Bitcoin, but alternatives like Monero are becoming more widely circulated. In 2023, there was more use of swapping services to launder cryptocurrency. Criminals use swapping to make their funds secure and stable—switching to privacy coins like Monero for security and to stablecoins like USDT for stability.
Several important developments occurred with ransomware attacks in 2023. Several international efforts to combat criminal groups and the leaks of ransomware source codes have fragmented the ransomware landscape. Groups as prolific as Hive and LockBit were disrupted, stopping pervasive botnets like Qakbot. Unfortunately, this did not completely end these groups but led to smaller groups splintering off from their predecessors and rebranding. Akira, a fast-growing ransomware-as-a-service (RaaS) group is believed to come from the remnants of the Conti group. RaaS providers are also competing to recruit high-level affiliates and developers. Nowadays, ransomware groups are increasingly targeting small and medium-sized businesses because they have weaker cyber defenses. They weigh out the likelihood of a payout when picking out a target, so smaller businesses with poor protection are ideal.
The disturbing increase in illegal content online is making it harder for law enforcement agencies to fight child sexual exploitation (CSE). A lot of the child sexual abuse material (CSAM) found online is self-generated by children. Criminals increasingly use end-to-end encrypted (E2EE) communication platforms to share these materials and communicate with each other and the victims they extort. As artificial intelligence (AI) becomes more convincing, it’s expected that CSE offenders will use it more to create and modify CSAM, which only makes it harder to identify victims and offenders.
Phishing remains the most common way to commit fraud, targeting EU citizens, private companies, and public institutions. In 2023, the most common type was smishing (phishing via SMS/text), while quishing (phishing via QR codes) is becoming a new threat. Phishing-as-a-service is growing, with phishing kits easily available, making it easier for criminals with little technical skill to commit fraud. Again, AI tools and deepfakes are giving criminals more ways to deceive and manipulate people with social engineering. Digital skimming continues to be a threat, leading to the theft, sale, and misuse of credit card data.
The report wraps up with some key predictions for the future as well as recommendations for cybersecurity and law enforcement agencies in the EU. Europol anticipates more cybercrimes powered by AI and that cybercriminals will abuse the internet to obscure their communications, as they are with E2EE platforms. They also expect even more RaaS brands, but they hope that disrupting them will continue to be worthwhile. Europol’s next actions (protecting EU payment systems, bolstering the EU against illicit content online, focusing on offender prevention) are all supported by recent legislation like the EU Digital Services Act and the proposed Payment Services Directive 3. Even though the IOCTA reveals some concerning threats, it's assuring to know the EU is already set to combat some of them.