On July 17, Europol published its latest report Internet Organized Crime Assessment – IOCTA concerning the internet organized crime threat assessment, in which it highlights that the sector is constantly expanding and represents an increasing threat to the EU.

Organized cybercrime manifests itself mainly through cyber attacks, online fraud, data theft and child sexual exploitation and results in serious harmful consequences to individuals, public and private entities, as well as the EU economy and security.

Some concrete examples of computer crimes
Phishing is a particular type of scam carried out on the Internet through the deception of users. It is mainly configured through e-mail messages: through an e-mail, only apparently coming from financial institutions (banks or credit card issuing companies) or from websites that require access after registration (web-mail, e-commerce), the recipient is deceived in order to steal money or personal information. It may have different manifestations, depending on the medium used, such as smishing – SMS phishing – and vishing – voice phishing.

Person substitution is a technique involved in child sexual exploitation and online fraud in order to deceive victims. In the case of child sexual exploitation, interaction with minors is done by faking a false identity via social networks, while in online scams, names of companies, institutions, nongovernmental organizations and individuals are passed off in order to ask for money or gain access to victims’ sensitive data.

Phone spoofing, a technique that falsifies data and protocols with the intent of appearing to be another person, allows the real caller number to be concealed and a seemingly trustworthy number to be displayed to induce the caller to provide data, such as two-factor authentication (2FA) tokens or PINs.

Online fraud also occurs by accessing digital payment systems, inserting malware into automated teller machines (ATMs) to manipulate their operating system and eject cash and stealing customers’ card data for use in making purchases.

In particular, data theft
The central commodity in this illicit economy is stolen data, which is bought and produced by various cyber attacks. Ransomware programs, scammers, and hackers seek victims’ information to gain access to their systems and bank accounts and be used in a wide range of criminal activities, including accessing telematics and computer systems, espionage, extortion, identity theft, and performing fraudulent financial transactions.

A series of crimes committed against the same person
It may happen that the same victim is targeted several times. For example, investment fraud is in some cases linked to other types of fraud: after investments have been stolen by bogus financial promoters, criminals contact the same defrauded people pretending to be lawyers or law enforcement officers who offer help in recovering the embezzled funds, in exchange for payment of money.

In these cases, information about victims is often maximally monetized by selling personal data to multiple buyers.

Scams occurred as a result of the invasion of Ukraine
As a result of the invasion of Ukraine, among other things, a number of cyber attacks occurred against Ukrainian and Russian targets, as well as globally and, especially, against EU member states. In particular, there have been a significant number of so-called Distributed Denial of Service (DDoS) attacks against national and regional public institutions, politically motivated and coordinated by pro-Russian hacker groups in response to statements or actions in support of Ukraine.

Conversely, the vaunted purpose of providing aid to Ukraine was a ruse used by cyber scammers through the creation of fake web pages, dedicated to fundraising, using URLs that included misleading keywords, and sending emails from fraudulent addresses. In some cases, scammers posed as celebrities who had actually supported humanitarian campaigns or spoofed the domains of humanitarian organizations, inviting donations in cryptocurrency.

The network of organized cybercrime
Services offered to perpetrate cybercrime are often intertwined, widely available, enjoy a well-established online presence, and can rely on high levels of specialization within criminal networks and collaboration among illicit providers.

Criminal commercial offerings appeal to a very broad market, which finds the various services offered on the dark web.

For example, brokers of so-called dropper services – programs created to install viruses on a system – cater to a variety of cybercriminals and are critical for ransomware attacks, malware developers, and scammers to monitor victims and provide data needed to access targeted networks; some criminal networks provide spoofing-as-a-service to other criminals.

Other parties are dedicated to making these systems effective by sophisticated obfuscation and making them less detectable by antivirus (AV) programs. Similar activity is rendered by counter antivirus (CAV) services, aimed at identifying parts that can be detected by AV.

Cybercriminals then use virtual private networks (VPNs) to protect communication and Internet browsing by masking the identity, location, and infrastructure of operations, also making use of both so-called proxy services, designed to shield the location of the IP address, and end-to-end encryption (E2EE) to completely anonymize the content of traffic.

The dark web
Dark web forums are widely used by cybercriminals for communication, knowledge sharing, digital commodity exchange and recruitment. For example, users give tips on how to avoid detection and identification in the dedicated discussion forum. Guidelines, tutorials, manuals and FAQs on topics such as fraud methods, child sexual exploitation, money laundering, phishing and malware, ways to operate on the dark web and conduct illicit operations are widely available.

Laundering of criminal profits
Cybercriminals use a variety of services to launder their proceeds, depending on the volume and form of their profits. They use, for example, money mules, individuals recruited, in exchange for a fee, to transfer money digitally or in cash through a network of accounts, often in different countries; they also use networks of professional money launderers in a crime-as-a-service partnership.

Ransomware groups receive cryptocurrency payments directly from victims.

Online scammers in particular make frequent use of gambling platforms to launder profits, as they can be used to obscure the origin of illicitly obtained flows of funds, and by the time the victim becomes aware of the scam, the money is already split across accounts based in multiple countries and laundered.

Others may employ mixers, a method of obfuscation that dilutes the funds of many users together and conceals the financial trail.