In this interview with Nordea On Your Mind author Viktor Sonebäck (VS), Philipp Amann (PA) describes how increasing digitalisation and ease of underground access to tools and services continues to drive growth in cybercrime.
Europol's European Cybercrime Centre (EC3) provides analytical and technical support and coordinates cross-border investigations within the EU and with external partners such as the FBI and Interpol, for example, through the Joint Cybercrime Action Taskforce (J-CAT).
VS: Can you tell us briefly about your background in cybersecurity and your current role?
PA: I have spent the last 15-plus years on cybersecurity, cyberdefence and combatting cybercrime in international environments, most recently as the Head of Strategy of Europol’s European Cybercrime Centre. I have had the opportunity to work with teams on governance, strategic and operational matters, focusing on international and crossborder collaboration with relevant stakeholders such as industry.
VS: Cybercrime has grown, and unfortunately seems to continue to grow rapidly. What are the key drivers behind this?
PA: In my opinion, this is driven by a number of factors. As our lives become increasingly digital and we move online with seemingly everything around us becoming ‘smart’ and connected to the internet, criminals have adapted and moved online, too. Ever increasing digitalisation offers many new opportunities and advantages; however, it also creates opportunities for criminals through a constantly expanding attack surface and a more complex cyber ecosystem that is becoming harder to protect. The reality is that the entry point of an attack can now be your connected fridge or your smart lightbulb.
At the same time, we have a thriving underground economy that provides the services and tools for criminals to commit cybercrime. This lowers the entry barrier for criminals, as they do not necessarily need to have the required technical skills and expertise to do so. This makes cybercrime an asymmetric threat in terms of risks, costs and financial profits, and also because it enables a broad base of entry-level cybercriminals to launch attacks of a scale and scope disproportionate to their technical capability. We still face many challenges in disrupting and investigating cybercrime at scale, which can be attributed to its borderless, international nature, combined with a number of technical and legal issues.
VS: What types of actors would you say represent the biggest share of online criminal activity? Ideologically driven hackers, state-sponsored players, organised crime, or others? What do the different cybercriminals want?
PA: This is difficult to say, due to a lack of visibility and underreporting, but also an absence of common definitions. State-sponsored or state-condoned hackers will typically try to stay undetected. If they do get detected, that information may not get reported widely. Hacktivists and other types of ideologically driven hackers, who tend not to be financially motivated, regularly use unsophisticated measures, such as DDoS attacks or web site defacements. So, publicity would be one of their objectives.
I think in terms of volume, scope and financial impact, it is safe to assume that cybercriminality and organised crime take the biggest share.
What we do see is a convergence, with some organised groups acting as statesponsored actors as well as cybercriminals, using the same or similar tactics, techniques and procedures. This means that some cybercriminals may also follow a political agenda in terms of target selection and intended impact.
Philipp Amann, former Head of Strategy at Europol's European Cybercrime Centre (EC3).