IOCTA 2021 unveils the most recent cyber threat (r)evolutions

The accelerated digitalisation related to the COVID-19 pandemic has significantly influenced the development of a number of cyber threats, according to the new edition of Europol’s Internet Organised Crime Threat Assessment. Criminals have been quick to abuse the current circumstances to increase profits, spreading their tentacles to various areas and exposing vulnerabilities, connected to systems, hospitals or individuals. While ransomware groups have taken advantage of widespread teleworking, scammers have abused COVID-19 fears and the fruitless search for cures online to defraud victims or gain access to their bank accounts. The increase of online shopping in general has attracted more fraudsters. With children spending a lot more time online, especially during lockdowns, grooming and dissemination of self-produced explicit material have increased significantly. Grey infrastructure, including services offering end-to-end encryption, VPNs and cryptocurrencies continue to be abused for the facilitation and proliferation of a large range of criminal activities. This has resulted in significant challenges for the investigation of criminal activities and the protection of victims of crime.

In addition to expanding the efforts to tackle these threats from a law enforcement perspective, it is crucial to add another level of protection in terms of cybersecurity. The implementation of measures such as multi-factor authentication and vulnerability management are of utmost importance to decrease the possible exposure to cyber threats. Awareness raising and prevention are key components in reducing the effectiveness of cyberattacks and other cyber enabled criminal activities.

The key threats:

- Ransomware affiliate programs enable a larger group of criminals to attack big corporations and public institutions by threatening them with multi-layered extortion methods such as DDoS attacks.
- Mobile malware evolves with criminals trying to circumvent additional security measures such as two-factor authentication.
- Online shopping has led to a steep increase in online fraud.
- Explicit self-generated material is an increasing concern and is also distributed for profit.
- Criminals continue to abuse legitimate services such as VPNs, encrypted communication services and cryptocurrencies.

The new edition of Europol’s Internet Organised Crime Threat Assessment, launched today, looks into the (r)evolutionary development of these trends, catalysed by the expanded digitalisation of recent years. The report was presented during the Europol-INTERPOL Cybercrime Conference. The conference gathered about 100 experts together to share their insights into the latest cybercrime trends and threats and to discuss how innovation is essential in countering cybercrime acceleration.

UK and US cyber security leaders meet to discuss shared threats and opportunities

National Cyber Security Centre CEO and Director of the US Cybersecurity and Infrastructure Security Agency met in London.

Top cyber security officials from the UK and US affirmed their commitment to tackling ransomware in their first official face-to-face engagement.

Lindy Cameron, CEO of the National Cyber Security Centre – a part of GCHQ – met with Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency to discuss their organisations’ priorities, including combatting ransomware.

During their bi-lateral meeting in London they reflected on the impact of ransomware attacks this year and the need for industry collaboration to complement government’s operational efforts against ransomware.

NCSC Chief Executive Lindy Cameron said:

“It was a pleasure to host Director Easterly for our first in-person bi-lateral meeting to discuss the critical issues in cyber security today.

“Ransomware is a serious and growing security threat that cuts across borders, and it is important for us to maintain a continuing dialogue with our closest ally to tackle it.”

The issue of gender diversity was also on the agenda, with both agreeing that more needed to be done to remove barriers to entry into the profession for women and girls.

They discussed the NCSC’s CyberFirst Girls Competition, which aims to get more girls interested in cyber through fun but challenging team events for teenagers, and CISA’s ongoing commitment to expanding opportunities for young women and girls to pursue careers in cyber security and technology and closing the gender gap that exists in these fields.

The two leaders also discussed government collaboration with industry, including the NCSC’s Industry 100 scheme and CISA’s Joint Cyber Defense Collaborative.

The Industry 100 scheme has integrated public and private sector talent in the UK to pool their knowledge to tackle key cyber security issues. The Joint Cyber Defense Collaborative has similarly bought American public and private sector entities together to unify crisis action planning and defend against threats to U.S. critical infrastructure.

Countries ramp up cybersecurity strategies

ITU releases fourth edition of the Global Cybersecurity Index; key 2020 data points to increased commitment
​​​​The latest Global Cybersecurity Index (GCI) from the International Telecommunication Union (ITU) shows a growing commitment around the world to tackle and reduce cybersecurity threats.
Countries are working to improve their cyber safety despite the challenges of COVID-19 and the rapid shift of everyday activities and socio-economic services into the digital sphere, the newly released 2020 index confirms.
According to GCI 2020, around half of countries globally say they have formed a national computer incident response team (CIRT), indicating an 11 per cent increase since 2018. Rapid uptake of information and communication technologies (ICTs) during the COVID-19 pandemic has put cybersecurity at the forefront.
“In these challenging times, the unprecedented reliance on ICTs to drive society, economy and industry, makes it more important than ever before to secure cyberspace and build confidence among users," affirmed ITU Secretary General Houlin Zhao. “Governments and industry need to work together to make ICTs consistently safe and trustworthy for all. The Global Cybersecurity Index is a key element, offering a snapshot of the opportunities and gaps that can be addressed to strengthen every country's digital ecosystem."
Some 64 per cent of countries had adopted a national cybersecurity strategy (NCS) by year-end, while more than 70 per cent conducted cybersecurity awareness campaigns in 2020, compared to 58 per cent and 66 per cent, respectively, in 2018.
Addressing the cyber gap
Many countries and regions lag in key areas. These include:
- ​Cybersecurity skills training, which must be tailored to the needs of citizens, micro-, small-, and medium-sized enterprises (MSMEs);
Finance, healthcare, energy, and other key sectors, which require dedicated measures to close cybersecurity gaps;
- Critical infrastructure protection, which requires enhancement to meet new and evolving cyber threats;
- Individual data protection, which requires continual reinforcement as online activity expands.
Growing reliance on digital solutions necessitates ever stronger, yet also accessible and user-friendly, data protection measures.

NSA Funds Development, Release of D3FEND

D3FEND, a framework for cybersecurity professionals to tailor defenses against specific cyber threats is now available through MITRE.  NSA funded MITRE’s research for D3FEND to improve the cybersecurity of National Security Systems, the Department of Defense, and the Defense Industrial Base. The D3FEND technical knowledge base of defensive countermeasures for common offensive techniques is complementary to MITRE’s ATT&CK, a knowledge base of cyber adversary behavior.
D3FEND establishes terminology of computer network defensive techniques and illuminates previously-unspecified relationships between defensive and offensive methods. This framework illustrates the complex interplay between computer network architectures, threats, and cyber countermeasures.
MITRE released D3FEND as a complement to its existing ATT&CK framework, a free, globally-accessible knowledge base of cyber adversary tactics and techniques based on real-world observations. Industry and government use ATT&CK as a foundation to develop specific cyber threat models and methodologies.
Complementary to the threat-based ATT&CK model, D3FEND provides a model of ways to counter common offensive techniques, enumerating how defensive techniques impact an actor’s ability to succeed. By framing computer network defender complexity of countermeasure functions and techniques as granularly as ATT&CK frames computer network attacker techniques, D3FEND enables cybersecurity professionals to tailor defenses against specific cyber threats, thereby reducing a system’s potential attack surface. As a result, D3FEND will drive more effective design, deployment, and defense of networked systems writ large.
Frameworks such as ATT&CK and D3FEND provide mission-agnostic tools for industry and government to conduct analyses and communicate findings. Whether categorizing adversary behavior or detailing how defensive capabilities mitigate threats, frameworks provide common descriptions that empower information sharing and operational collaboration for an ever-evolving cyber landscape.

The Bahamas strengthens its cybersecurity capacity

The Bahamas has launched a project with ITU to set up a national Computer Incident Response Team (CIRT) to help protect the small island country’s critical digital infrastructure and data.
The National Cybersecurity Project, started in January and officially launched in February at national level, aims to help assess current Bahamian capabilities in this rapidly evolving field, as well as develop its National Cybersecurity Strategy.
The national CIRT will also support the government in building national cybersecurity expertise, closing human resource gaps, and supporting the elaboration of a cybersecurity framework and policies. Bahamian officials must do all they can “to put mechanisms in place to protect the government’s systems and citizens’ data from exposure to [cyber] attacks,” said the State Minister for Finance, Kwasi Thompson.
Digitizing hundreds of government services
The government’s recent decision to digitize more than 200 public administration services over the next five years has heightened the country’s need for a well-equipped cybersecurity team that can identify, defend, manage, and respond to cyber threats, Thompson added.
“The creation of this National Cybersecurity Strategy will help with review and further implementation of cyber legislation for the protection of citizens and clients,” he said.
Rapid growth in online business transactions – among both government entities and the private sector – makes cybersecurity enhancements paramount. The Bahamas, like other small island developing states in the Caribbean, needs to provide a safe online environment that minimizes any risks associated with online service provision.
The project will also support the development of related national cybersecurity platforms, including a national public key infrastructure (PKI), e-government services (including national identity services), and an access management framework.
ITU’s Telecommunication Development Bureau Director, Doreen Bogdan-Martin, highlighted the project’s region-wide significance. Projects like this one on the Bahamas will strengthen the Caribbean “cybersecurity supply chain” and reinforce international cooperation to combat cyber threats, she said, thanking the Bahamian government for seeking ITU support and expertise.
Building skills and updating tools
Key project objectives include a National CIRT Readiness Assessment, a Cybersecurity Capacity Maturity Model (CMM), a National Cybersecurity Strategy and Action Plan, and all necessary capacity building and service upgrades to activate the national CIRT, said Bruno Ramos, ITU Regional Director for the Americas.
The project is set for full implementation by the end of 2022, with interim steps including six months of ITU support help the CIRT reach maturity.
The national CIRT’s skills and tools will need constant updating, Ramos added. “It is vital to equip the response team with new technologies, deploy additional services, provide technical training, and coordinate and collaborate with other international organizations.”