Covid-19 Sparks Upward Trend in Cybercrime

Europol’s 2020 cybercrime report updates on the latest trends and the current impact of cybercrime within the EU and beyond.

So much has changed since Europol published last year’s Internet Organised Crime Threat Assessment (IOCTA). The global COVID-19 pandemic that hit every corner of the world forced us to reimagine our societies and reinvent the way we work and live. During the lockdown, we turned to the internet for a sense of normality: shopping, working and learning online at a scale never seen before. It is in this new normal that Europol publishes its 7th annual IOCTA. The IOCTA seeks to map the cybercrime threat landscape and understand how law enforcement responds to it. Although the COVID-19 crisis showed us how criminals actively take advantage of society at its most vulnerable, this opportunistic behaviour of criminals should not overshadow the overall threat landscape. In many cases, COVID-19 has enhanced existing problems.

CROSS-CUTTING CRIME
Social engineering and phishing remain an effective threat to enable other types of cybercrime. Criminals use innovative methods to increase the volume and sophistication of their attacks, and inexperienced cybercriminals can carry out phishing campaigns more easily through crime-as-a-service. Criminals quickly exploited the pandemic to attack vulnerable people; phishing, online scams and the spread of fake news became an ideal strategy for cybercriminals seeking to sell items they claim will prevent or cure COVID-19.

Encryption continues to be a clear feature of an increasing number of services and tools. One of the principal challenges for law enforcement is how to access and gather relevant data for criminal investigations. The value of being able to access data of criminal communication on an encrypted network is perhaps the most effective illustration of how encrypted data can provide law enforcement with crucial leads beyond the area of cybercrime.

MALWARE REIGNS SUPREME
Ransomware attacks have become more sophisticated, targeting specific organisations in the public and private sector through victim reconnaissance. While the COVID-19 pandemic has triggered an increase in cybercrime, ransomware attacks were targeting the healthcare industry long before the crisis. Moreover, criminals have included another layer to their ransomware attacks by threatening to auction off the compromised data, increasing the pressure on the victims to pay the ransom. Advanced forms of malware are a top threat in the EU: criminals have transformed some traditional banking Trojans into modular malware to cover more PC digital fingerprints, which are later sold for different needs.

CHILD SEXUAL ABUSE MATERIAL CONTINUES TO INCREASE
The main threats related to online child abuse exploitation have remained stable in recent years; however, detection of online child sexual abuse material saw a sharp spike at the peak of the COVID-19 crisis. Offenders keep using a number of ways to hide this horrifying crime, such as P2P networks, social networking platforms and encrypted communications applications. Dark web communities and forums are meeting places where participation is structured with affiliation rules to promote individuals based on their contribution to the community, which they do by recording and posting their abuse of children, encouraging others to do the same. Livestreaming of child abuse continues to increase, becoming even more popular than usual during the COVID-19 crisis when travel restrictions prevented offenders from physically abusing children. In some cases, video chat applications in payment systems are used, which becomes one of the key challenges for law enforcement as this material is not recorded.

PAYMENT FRAUD: SIM SWAPPING A NEW TREND
SIM swapping, which allows perpetrators to take over accounts, is one of the new trends in this year’s IOCTA. As a type of account takeover, SIM swapping provides criminals access to sensitive user accounts. Criminals fraudulently swap or port victims’ SIMs to one in the criminals’ possession in order to intercept the one-time password step of the authentication process.

CRIMINAL ABUSE OF THE DARK WEB
In 2019 and early 2020 there was a high level of volatility on the dark web. The lifecycle of dark web marketplaces has shortened and there is no clear dominant market that has risen over the past year. Tor remains the preferred infrastructure; however, criminals have started to use other privacy-focused, decentralised marketplace platforms to sell their illegal goods. Although this is not a new phenomenon, these sorts of platforms have started to increase over the last year. OpenBazaar is noteworthy, as certain threats have emerged on the platform over the past year such as COVID-19-related items during the pandemic.

CISA and MS-ISAC Release Joint Ransomware Guide

The Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing a joint Ransomware Guide meant to be a one-stop resource for stakeholders on how to be proactive and prevent these attacks from happening and also a detailed approach on how to respond to an attack and best resolve the cyber incident. CISA and MS-ISAC observed there are vast products and resources available, but very few that have them all in one place.

This one-stop guide is divided into two parts:

First, the guide focuses on best practices for ransomware prevention, detailing practices that organizations should continuously do to help manage the risk posed by ransomware and other cyber threats. It is intended to enable forward-leaning actions to successfully thwart and confront malicious cyber activity associated with ransomware. Some of the several CISA and MS-ISAC preventive services that are listed are Malicious Domain Blocking and Reporting, regional CISA Cybersecurity Advisors, Phishing Campaign Assessment, and MS-ISAC Security Primers on ransomware variants such as Ryuk.

The second part of this guide, response best practices and services, is divided up into three sections: (1) Detection and Analysis, (2) Containment and Eradication, and (3) Recovery and Post-Incident Activity. One of the unique aspects that will significantly help an organization’s leadership as well as IT professional with response is a comprehensive, step-by-step checklist. With many technical details on response actions and lists of CISA and MS-ISAC services available to the incident response team, this part of the guide can enable a methodical, measured and properly managed approach.

“It is a CISA priority to help our partners defend against ransomware, advise them on appropriate risk-management actions and provide best practices for a resilient, responsible incident response plan in the event of a cyberattack,” said Bryan Ware, Assistant Director for Cybersecurity, CISA. “The collaborative and consistent engagement with our industry and government partners supports our concerted efforts to offer trusted, proactive and timely resources and services. This guide is based on operational insight from CISA and MS-ISAC and our engagements with varied sector partners.”

Recent events stress the important reminder that ransomware can happen at any time to any organization, so we encourage all organizations with sensitive or important data stored on their network to take steps now to protect it, including backing up data, training employees, and patching systems to blunt the potential impact of ransomware. Malicious actors have adjusted their ransomware tactics over time to include pressuring victims for payment by threatening to release stolen data if they refuse to pay and publicly naming and shaming victims as secondary forms of extortion.

One of the ways this guide can help is with identifying their critical data. It’s hard to have an organization determine after-the-fact what critical data was impacted by a ransomware incident if they did not have that understanding of what critical data they had ahead of time. And, it is hard to revert to backups if an organization does not have or has not properly maintained and tested their backups.

This joint ransomware guide is written primarily for the IT professional, but every level of an organization can benefit from reviewing it. CISA and MS-ISAC are proud to provide this guide that can help them plan for a ransomware incident and understand the risk management, analytical, and response services available to them.

October is European Cyber Security Month

The European Cybersecurity Month (ECSM) is the European Union’s annual campaign dedicated to promoting cybersecurity among EU citizens and organisations, and to providing up-to-date online security information through awareness raising and sharing of good practices.

The ECSM campaign is coordinated by the European Union Agency for Cybersecurity (ENISA) and the European Commission, and supported by EU Member States and hundreds of partners (governments, universities, think tanks, NGOs, professional associations, private sector business) from Europe, and beyond.

The EU Agency for Cybersecurity coordinates the organisation of the ECSM campaign by acting as a “hub” for all participating Member States and EU Institutions, and by providing expert suggestions, generating synergies and promoting common messaging among EU citizens, businesses and public administration. The Agency also publishes new materials and provides expert advice on different cybersecurity topics for Member States’ audiences.

Since the first event in 2012, the European Cybersecurity Month has been reaching its key priorities by bringing together parties from across Europe under the slogan ‘Cybersecurity is a Shared Responsibility’ to unite against cyber threats.

Each year, for the entire month of October, hundreds of activities take place across Europe, including conferences, workshops, training sessions, webinars, presentations and more, to promote digital security and cyber hygiene.

Sustainable and resilient supply chains crucial to COVID-19 recovery

Through a joint statement on the crucial importance of resilient and sustainable integrated supply chains to the global recovery from COVID-19, ICAO and seven other UN bodies have encouraged States to realize more effective coordination and cooperation between the transport modes, and across borders.

“We are calling on all Governments to maximize the contribution of international trade and supply chains to a sustainable socio-economic recovery in post-COVID-19 times, through greater use of international legal instruments and standards, as well as strengthened regional and sectoral cooperation,” declared ICAO Secretary General Dr. Fang Liu.

The statement was signed by Dr. Liu and the heads of the United Nations Conference on Trade and Development (UNCTAD), the International Maritime Organization (IMO), the United Nations Economic Commission for Africa (UNECA), the United Nations Economic Commission for Europe (UNECE), the United Nations Economic Commission for Latin America and Caribbean (UNECLAC), the United Nations Economic and Social Commission for Asia and the Pacific (UNESCAP), and the United Nations Economic and Social Commission for Western Asia (UNESCWA).

It points to a number of specific mechanisms, such as the United Nations TIR Convention and its eTIR International System, the CMR Convention and its eCMR Protocol and the Automated System for Customs Data (ASYCUDA), and international standards for data exchange, such as those developed by UN/CEFACT, noting that “these instruments allow for moving cargo across borders without requiring physical checks and for reducing contact between people.”

For air transport specifically, States have been invited to follow the key principles presented in the ICAO Council Aviation Recovery Task Force (CART) Report and implement its recommendations and guidelines.

“We are encouraging States to take a risk-based approach to restoring connectivity with minimal restrictions while preventing the spread of COVID-19, protecting the health and safety of drivers, crew and border agency personnel,” Dr. Liu recalled.

Here, the implementation of Public Health Corridors (PHC) will be of special importance to ensuring “COVID-19 free” flight operations.

The joint statement builds on the momentum launched by ICAO in the very earliest days of the pandemic to ensure the safe, secure, and sustainable restoration of air connectivity. This momentum includes the development and then universal and cost-free provision of key technical guidance, and continuous advocacy for the pivotal importance of air transport to both recovery from the pandemic and the achievement of the UN Sustainable Development Goals.

ICAO is also providing States with assistance in regard to the implementation of its COVID-19 recovery materials, including through the organization of webinars. A webinar series on air cargo digitalization, which is scheduled to kick off on 29 September 2020, will directly support the achievement of the objectives of this joint statement.

OSCE and UNECE join forces in enhancing cyber resilience of intelligent transport systems

The OSCE and the UN Economic Commission for Europe (UNECE) held a roundtable discussion on enhancing cyber resilience of intelligent transport systems for both private and public sectors on 8 September 2020 in Geneva.

Discussions focused on the various types of cyber threats posed to intelligent transport systems, and methodologies available to governments to address critical security risks.

“Given the complexity and vulnerability of intelligent transport systems to cyberattacks, it is important to develop a coherent security approach involving co-operative efforts of the international community as well as both the public and private sectors,” said Eni Gjergji, Economic Advisor in the Office of the Co-ordinator of OSCE Economic and Environmental Activities.

Over 100 representatives of ministries of transport and other relevant agencies, cyber security experts from the automotive, IT and telecommunication sectors from the Euro-Asian region participated. Participants took stock of the various types of emerging risks and threats to intelligent transport systems in view of digitalization processes, enhanced inter-connectivity of vehicle and transport infrastructure IT systems and automation.

François E. Guichard, Secretary of the Working Party on Automated/Autonomous and Connected Vehicles, UNECE Sustainable Transport Division, said that the security of intelligent transport systems would benefit from the recently adopted UN Regulation on cyber security, which introduces stringent requirements that manufacturers of different types of vehicles (cars, vans, trucks, buses, trailers, etc.) will have to comply with.

“We are pleased to observe that the adoption of this Regulation is already stimulating the development of the cyber security ecosystem that is needed to address those risks, given the increased connectivity and complexity of vehicles and of the technologies delivering ITS,” said Guichard.

Ways of capturing the benefits of new technologies without compromising the safety and other progresses achieved during the last decade in the inland transport systems were also discussed.

Increasing resilience of the cyber/ICT environment requires fostering international co-operation, say participants at OSCE high-level conference

International co-operation and multilateral approaches are needed to maintain resilience and stability of the cyber-ICT environment, concluded participants of the high-level conference of the OSCE Albanian Chairmanship that ended today in Vienna.

Agron Tare, Deputy Minister for Europe and Foreign Affairs of Albania said that securing the cyber ecosystem requires “engagement, collaboration and co-ordination amongst all relevant stakeholders to preserve a functioning and stable ICT environment.”

Deputy Minister Tare also stressed the role the OSCE plays in regional efforts to develop new ideas on establishing a stable cyber/ICT environment and putting those ideas into practice, thus contributing to global efforts.

“The OSCE – through its sixteen existing confidence-building measures - has provided us with a platform to build trust and capacities, enhance co-operation and reduce tensions that may stem from the use of ICTs,” Tare said, noting that it is important to make them work for all OSCE participating States.

Referring to the OSCE Informal Working Group, which set an example for how to drive co-operation forward in the field of cyber/ICT security, the Deputy Minister noted its flagship “Adopt-a-CBM” initiative, inaugurated in 2018 by the Hungarian Chair of the Informal Working Group established by Permanent Council Decision 1039. He noted that the initiative is “the most promising way ahead regarding the implementation of the confidence-building measures.”

Péter Sztáray, Minister of State for Security Policy, Ministry of Foreign Affairs and Trade of Hungary, said that the pandemic added a new threat to existing global challenges and, more than anything, showed that all countries rely heavily on cyber/ICT technologies to maintain daily business, enable most critical infrastructure systems and drive economic and social growth. “In the future there will be an even heavier reliance on digital infrastructure. That is why international co-operation, a multilateral approach on both global and regional level is needed more than ever,” Sztáray said.

EMSA participates in EU secure governmental satellite communications

Growing demand for reliable and secure governmental communication

Effectively functioning public administration requires reliable and secure communication systems. In the era of satellite communications, access to communication services for governmental stakeholders should no longer be restrained, for example by unavailability of terrestrial communication infrastructure.

Exchanging confidential information, prevention of communication jamming and disruption due to external interference, together with the need for wider accessibility and cost-effectiveness represent vital factors driving the development of secure satellite communication services. Secure SATCOM solutions need to match service demand from eligible governmental users with supply provided by EU contracts for satellite capacities and services.

In 2013, the European Council defined the Governmental Satellite Communications (GOVSATCOM) as one of the four capability development programmes. Implementing a user-driven approach while developing operational GOVSATCOM interface is key.

Hence, a team of 18 organisations from across the European Union has embarked on a new research undertaking. It will address pending issues related to secure GOVSATCOM user expectations, as well as institutional and market responsiveness. International cooperation will progress within the framework of the EU-funded project under the Horizon 2020 programme, entitled European Networking for satellite Telecommunication Roadmap for the governmental Users requiring Secure, inTeroperable, innovativE and standardiseD services – ENTRUSTED.

Networking secure GOVSATCOM users

Members of the ENTRUSTED consortium have set up a Network of governmental Users (NoU) of the secure SATCOM. The NoU will be expanded, as ENTRUSTED proceeds, to associate other interested governmental and institutional users representing EU member states and EU agencies.

Due to its institutional representatives, the NoU is expected to serve as a platform enabling the exchange of information, experience and expertise in a competent, trustful and secure way. ENTRUSTED will offer the possibility to participate in dedicated training, workshops, live demonstration activities and conferences.

Paving the way forward

Identification of key governmental user needs and requirements will be conducted in parallel with the assessment of relevant secure SATCOM user technologies and future development prospects. These activities will support the indication and prioritisation of necessary actions that will fill gaps between existing secure SATCOM capabilities and governmental user requirements, taking into consideration aspects of interoperability and standardisation.

ENTRUSTED seeks to develop recommendations for the European Commission in terms of considerations that could affect user experience of secure SATCOM services. These may relate to necessary investments, user equipment and, if relevant, technological aspects important for the design of future services. Recommendations will be presented in the form of a consolidated set of institutional user requirements for secure GOVSATCOM services and a long-term Research and Innovation Roadmap and Coordination plan (RIROC). ENTRUSTED will provide guidelines for user-related activities and pave the way for the future EU GOVSATCOM programme.

UAE Cultivates the First Private Sector Alliance for Disaster Resilient Societies (ARISE) in the Arab Region

While the globe is facing challenging times and rapid changes due to disasters and the need to create risk-resilient societies is inevitable, the United Arab Emirates is leading the private sector engagement for disaster risk reduction by announcing the first ARISE initiative in the Arab region to achieve the outcomes and goals of the Sendai Framework in a transparent and inclusive way that delivers measurable impact.

This initiative is in conjunction with the United Nations Office for Disaster Risk Reduction (UNDRR) that works towards a resilient, prosperous future where fewer lives are lost to disasters, capital assets and investments are risk-informed, and infrastructure is resilient to natural and man-made hazards and advocates for risk-informed development by encouraging and supporting the private and public sectors to put in place policies and practices to reduce disaster risk and losses.

The UAE Private Sector Alliance for Disaster Resilient Societies (ARISE) kicked off yesterday with its first meeting at Burj Khalifa led by Mr. Sujit Mohanty the Chief of UNDRR Regional Office for the Arab States (ROAS), Dr. Mahmoud Al Burai the Vice President of International Real Estate Federation and Senior Advisor in Dubai Government, along with the United Nations Resident Coordinator for the UAE Dr. Dena Assaf and other senior officials from UNDRR.

The meeting was attended by Dr. Tariq Ahmed Nizami, Founder & CEO of CEO Clubs Network, Dr. Assad Farah, Dean School of Business Administration at American University in Dubai, Helen Chen CEO and Co-founder of Nomad Homes, Chris Roberts, CEO of Eltizam Asset Management Group, Mohammed Alsharaf, COO of Eltizam Asset Management Group, Mr. Fadi Nwilati, CEO of KAIZEN Asset Management, Mr. Ghassan Farouk Afiouni Managing Partner and Inventor MPI, Mr. Ahmed Riad, Managing Director Estmrarya Consulting, Dr. Raza Siddiqui, CEO Arabian Health Group and Zeina Abou Chaaban the Managing Partner of Palestyle.

“Today we are witnessing a remarkable movement convened by the UAE private sector to establish the first national ARISE in the Arab region and set the roadmap for other Arab countries. COVID19 has put a stark reminder to all of us that reducing risk of disasters whether natural, man-made or biological, has to be everyone’s business. This initiative will capitalize on the UAE private sector to promote risk-informed investments and to engage in business practices that build resilience and prevent new risks from being created” said Mr. Mohanty, Chief of UNDRR ROAS.

Dr. Mahmoud Burai said: “This initiative showcases the UAE leadership in founding a strong platform for the private sector to support and implement the Sendai Framework for Disaster Risk Reduction 2015 – 2030 and its commitment towards 2030 Agenda for Sustainable Development, Paris Climate Agreement, New Urban Agenda and Agenda for Humanity. UAE ARISE will work closely with Dubai Police who is leading on Dubai Resilient and other local and federal governments to create risk-resilient societies by energizing the private sector in collaboration with the public sector and other stakeholders to achieve the outcomes and goals of the Sendai Framework in a transparent and inclusive way that delivers measurable impact.”

The United Nations Resident Coordinator for the UAE Dr. Dena Assaf said: “The United Nations has been working for the last 75 years around many global challenges, bringing awareness and progress across the planet and the UAE has always been a bastion of hope and resolve in the region. The UAE private sector’s role and engagement in disaster risk reduction not only ensures a more resilient and prepared society, but also enables accelerated progress towards the Sustainable Development Goals”. Dr. Dena Assaf encouraged the members to contribute to the UN global conversation on the World We Want, and take the survey at www.UN75.online.

The first meeting agenda unfolded the UAE ARISE objectives, structure, voluntary action commitments and the workplan 2020-2021, while the board election announced HE Dr. Mahmoud Al Burai the Chair of the UAE ARISE, Co-Chair, Mr Ahmed Riad and the Vice Chair, Dr. Tariq Nizami.

Resilience of rail infrastructure – Interim report following the derailment at Stonehaven

The derailment of a passenger train near Carmont on 12 August 2020 was a tragedy for the families and friends of the three people who lost their lives and will have a lasting effect on those injured and involved in responding, as well as the wider railway industry. It has raised questions about the resilience and safe performance of the railway, and how the risk of such an event happening again can be minimised.

Emerging findings from the investigations suggest that a significant contributing factor to the derailment was heavy rainfall washing material onto the track. Therefore, the report commissioned by the Secretary of State for Transport seeks to provide an initial review of the resilience of rail infrastructure, in particular in the context of severe weather. Because of the nature of events that led to the derailment at Carmont, the report focuses on the resilience of earthworks and drainage infrastructure to heavy rainfall.

It is critical to understand fully what went wrong, what is being done now and what more can and should be done. It is a look at the current approach, procedures and risk; the immediate and longer-term plans and actions; and initial consideration of next steps.

While the report in no way pre-empts the outcome of formal independent investigations being carried out by the Rail Accident Investigation Branch, or those by the Office of Rail and Road, British Transport Police and Police Scotland into the tragedy on Wednesday 12 August, the initial findings suggest that, after a period of heavy rainfall, the train struck a pile of washed-out rock and gravel before derailing.

The interim report assesses the current controls and management of thousands of miles of earthworks – the sloped ground beside railway tracks – and sets out how the industry plans to reduce the risk of landslips on the network in the future.

The report highlights the need for an increased focus on deploying technology across the network to predict failures and investment in better forecasting to enable local decisions for imminent weather events. Network Rail’s extensive research and development portfolio is helping to accelerate the development and deployment of this technology.

Key findings also suggest that industry rules for reporting and responding to adverse rainfall will be improved and strengthened, helping signallers better manage services during bad weather. Other plans include discussions with meteorologists to understand how real-time information can be better used to inform train operations about unpredictable extreme weather.

Britain’s railway is one of the safest in Europe and that safety record is underpinned by the resilience of our assets and the rigour of our management system. However, the increasingly clear implications of climate change mean that we must and will do more. This is particularly important with respect to how we operate the railway and the wider deployment of technology.

Indonesia rolls out JRC-designed system to enhance Tsunami Early Warning

Indonesia has announced plans to roll out a tsunami early warning system based on the Inexpensive Device for Sea Level Monitoring (IDSL).

The system was developed by the European Commission’s Joint Research Centre with support from the Commission’s department for European Civil Protection and Humanitarian Aid Operations (DG ECHO).

The new plan for IDSL installation foresees the acquisition of 100 new units before the end of 2020 and a more ambitious implementation of an additional 530 units over the coming years, for fisheries, ports and conservation areas across Indonesia.

The IDSL is already installed in 7 locations in Indonesia (Sebesi Island, Marina Jambu, Pandangaran, Sadeng Port and Pelabuhan Ratu on Java Island and Bungus Port on Sumatra Island). It is also being installed in Mentawai Island.

The initiative is part of a collaboration between the JRC, DG ECHO and the Ministry of Maritime and Fisheries, initiated in 2019 when the JRC provided Indonesia with 8 IDSL devices to quickly implement a new Tsunami Warning System in the aftermath of the Anak Krakatau volcano explosion on 22 Dec 2018. The event triggered a severe Tsunami, killing more than 400 people in the Sunda Strait.

The JRC began developing the IDSL in 2014. It has been installed in 35 locations in the Mediterranean Sea to enhance the monitoring capability of the Tsunami Warning Centres, in collaboration with local institutions and the UNESCO International Oceanographic Commission.

The characteristics of this innovative device are:

its low cost (2.5 k Euro vs 25-30 k Euro of similar devices);
the quick response and transmission (latency less than 5s from measurement to data publication);
the easy installation (less than 2h);
the presence of onboard software able to detect Tsunami waves or other large sea level variations and send email and SMS to a prescribed list of recipients.

The name of IDSL has been modified to ‘PUMMA’ in the Indonesian language, or Perangkat Ukur Murah untuk Muka Air (Low cost Device for Sea Level Measurement).

It has the same meaning but is easier for Indonesians to recognise and understand its functioning.

Announcing the plans, Indonesian Maritime and Fisheries Minister Edhy Prabowo referred to the geographical position of Indonesia and indicated: “This situation prompts the Indonesian government to formulate a practical tsunami mitigation regime because a large number of coastal communities and villages could be left vulnerable and devastated when a tsunami strikes. In addition, vast coastlines and a large number of coastal communities means that Indonesia needs tsunami early warning systems to be installed in many tsunami prone areas. In this situation, the government needs to develop a tsunami mitigation program that includes the participation of the communities to develop their preparedness and make them more resilient to tsunami.”

The new devices will be built with the collaboration of the European Commission and the involvement of local small scale companies and universities.

They will be integrated with the overall monitoring network in Indonesia provided by BIG (Sea Level Monitoring Institution) and BMKG (Tsunami Service Provider).

The IDSL (or PUMMA) will be implemented not only for tsunami early warning, but also for monitoring of fisheries port activities, marine tourisms, marine ecosystem and sea level rise.
