Affiliate Programs

Europol IOCTA 2021 Report: The Key Takeaways

Europol IOCTA 2021 Report: The Key Takeaways
Written by publishing team

Europol, the European Union’s law enforcement agency, has recently published the Cyber ‚Äč‚ÄčOrganized Crime Threat Assessment (IOCTA) Report 2021. The report, Europol’s flagship strategic product, which provides a law enforcement-focused assessment of evolving threats and key developments in cybercrime, highlights On the expanding landscape of cyber threats due to the impact of the COVID-19 pandemic and accelerating digitization. To assess this year, the project team surveyed all European Union Member States (EU MS), a limited number of third countries, members of Europol’s advisory groups, and internal specialists.

The report includes detailed findings from the past 12 months in the areas of cybercrime, child exploitation material, online fraud, and the dark web.

Internet based crime

Europol previously defined Internet-based crime as any crime that could only be committed using computers, computer networks, or other forms of information communication technology. In essence, without the Internet, these crimes cannot be committed.

The assessment revealed that criminals are taking advantage of new opportunities created by expanded digitalization and the increase in working from home or teleworking for many employees due to the pandemic. Cybercriminals mainly began to take advantage of the fact that in many cases information security policies became more relaxed, the total number of vulnerabilities and attack surfaces increased, and organizations struggled to quickly mitigate new security risks.

The report examines the three ways criminals operate to commit Internet-based crimes. These are ransomware, mobile malware, and DDoS attacks for ransomware.

ransomware attacks

The Europol report notes that ransomware affiliate programs have grown in importance and are linked to several high-profile attacks against healthcare institutions and service providers. Affiliate programs allow a larger group of criminals to attack large companies or high-value targets and gain access to their infrastructure. They use supply chain attacks to compromise the networks of large corporations and public organizations as well as use new, multi-layered extortion methods such as the DDoS attacks discussed below. Bad actors are turning towards human-managed ransomware targeting private companies, the healthcare, education, critical infrastructure, and government institutions.

mobile malware

Europol’s assessment reveals that the number of mobile malware complaints submitted to law enforcement authorities has increased significantly. Mobile malware has become a scalable business model. Cybercriminals who resort to this method of attack are increasingly abusing consumers of online shopping services and increasingly taking advantage of opportunities to steal personal information of these individuals.

There are signs that mobile malware operations are evolving. For example, criminals who carry out such attacks can sometimes circumvent additional security measures such as two-factor authentication. They also sometimes use overlay attacks and SMS spam capabilities to carry out the attacks.

Mobile malware operators have exploited the increase in online shopping and incorporated delivery services into their attacks as scams designed to trick their victims into downloading malicious code, stealing victims’ credentials, or committing various forms of delivery fraud. Mobile banking trojans have become a noteworthy threat precisely because of the increasing popularity of mobile banking. Criminals have continued to use COVID-19 accounts for online selling of counterfeit medical products and phishing to steal login credentials.

Distributed Denial of Service (DDoS) attacks

The results of the evaluation also show that DDoS for ransomware appears to be making a comeback as criminals use the names of well-known persistent threat groups (APTs) to intimidate their targets into complying with the ransom demands. Law enforcement and private partners are reporting a resurgence of DDoS attacks with ransom demands as well as an increase in high-volume attacks compared to the previous year. The cybercriminals were targeting Internet Service Providers (ISPs), financial institutions, and small and medium-sized businesses (SMBs).

Criminals are taking advantage of increased online activity

Consumers are shopping online in record numbers. This has created additional opportunities for criminals to commit fraud and steal personal data from online shoppers. In this regard, the evaluation revealed an increase in cases of payment and delivery fraud. A key finding of the report in this particular area is that phishing and social engineering remain the main vectors for payment fraud, increasing in size and complexity. Among the types of fraud identified in the report, investment fraud has emerged as the most prevalent type of fraud in the past 12 months.

The Europol report noted a significant rise in the number of COVID-19-themed phishing attempts being carried out over the phone (ie phishing) and text messages (eg phishing). Successful phishing campaigns give criminals fraudulent access to their victim’s personal, financial or security data. Phishing and phishing entities have particularly benefited from exploiting stolen data. In combination with spoofing, where victims are contacted using legitimate-looking caller IDs or text aliases, criminals have given these types of fraud attempts significant credibility.

child exploitation materials

The main trends and threats related to online child sexual exploitation remained relatively stable throughout the reporting period. The proliferation of encrypted messaging apps and social media platforms is affecting personal care and distribution of child sexual abuse materials (CSAM). CSAM is actively traded on peer-to-peer (P2P) networks and the dark web. There, cryptocurrencies are also used for payment, with law enforcement reporting an increase in profit distribution.

dark web

Threats in the cybercrime landscape are exacerbated by the growth of the crime-as-a-service market on the dark web. Criminals continue to abuse legitimate services such as VPNs, encrypted communication services, and cryptocurrencies. This area presents a particular challenge because the anonymity desired by users of the dark web is exacerbated by the widespread adoption of encryption technologies. These solutions can benefit both legal users and criminals simultaneously, creating a contradictory situation for policy makers.

However, the dark web is another area, with EU law enforcement agencies reporting some major changes in the threat landscape during the evaluation period. Instead, many small developments that had already been taking place several years ago are becoming more and more common. The following are described as key findings in the report:

  • Dark web users are increasingly using Wickr and Telegram as communication channels or to bypass market fees
  • Users of the dark web are increasingly adopting anonymous cryptocurrencies, such as Monero and exchange services
  • Users rely on increasingly sophisticated operational security, quickly migrating to other markets or markets without users to enforce manual PGP after removals
  • Increasingly gray infrastructure helps users of the dark web thrive


The report shows that cybercriminals are more opportunistic, determined and resourceful than ever before. They continue to innovate and use cutting edge methods to achieve their goals. To mitigate the risks associated with the areas discussed above, the report makes several recommendations including incorporating law enforcement into the cybersecurity ecosystem. Readers are encouraged to read the Europol report to understand each of the emerging threats and how they can best prepare to mitigate these challenges.

About the author: Ambler is an attorney with a background in corporate governance, regulatory compliance, and data privacy. She currently advises on governance, risk, compliance, and enterprise data management, as well as data privacy and security issues in Washington, DC.


Twitter: Tweet embed

Editor’s note: The opinions expressed in the guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

About the author

publishing team