14-06-2023 10:37

Cybercriminals can attack through your connected fridge or lightbulb

For the latest Nordea On Your Mind report on cybersecurity, the team was keen to include a law enforcement perspective on cybercrime. They spoke to Philipp Amann, former Head of Strategy at Europol's European Cybercrime Centre (EC3).
Cybersecurity II

In this interview with Nordea On Your Mind author Viktor Sonebäck (VS), Philipp Amann (PA) describes how increasing digitalisation and ease of underground access to tools and services continue to drive growth in cybercrime.

Europol's European Cybercrime Centre (EC3) provides analytical and technical support and coordinates cross-border investigations within the EU and with external partners such as the FBI and Interpol, for example, through the Joint Cybercrime Action Taskforce (J-CAT).

VS: Can you tell us briefly about your background in cybersecurity and your current role?

PA: I have spent the last 15-plus years on cybersecurity, cyberdefence and combatting cybercrime in international environments, most recently as the Head of Strategy of Europol’s European Cybercrime Centre. I have had the opportunity to work with teams on governance, strategic and operational matters, focusing on international and cross-border collaboration with relevant stakeholders such as industry.

VS: Cybercrime has grown, and unfortunately seems to continue to grow rapidly. What are the key drivers behind this?

PA: In my opinion, this is driven by a number of factors. As our lives become increasingly digital and we move online with seemingly everything around us becoming ‘smart’ and connected to the internet, criminals have adapted and moved online, too. Ever increasing digitalisation offers many new opportunities and advantages; however, it also creates opportunities for criminals through a constantly expanding attack surface and a more complex cyber ecosystem that is becoming harder to protect. The reality is that the entry point of an attack can now be your connected fridge or your smart lightbulb.

At the same time, we have a thriving underground economy that provides the services and tools for criminals to commit cybercrime. This lowers the entry barrier for criminals, as they do not necessarily need to have the required technical skills and expertise to do so. This makes cybercrime an asymmetric threat in terms of risks, costs and financial profits, and also because it enables a broad base of entry-level cybercriminals to launch attacks of a scale and scope disproportionate to their technical capability. We still face many challenges in disrupting and investigating cybercrime at scale, which can be attributed to its borderless, international nature, combined with a number of technical and legal issues.

VS: What types of actors would you say represent the biggest share of online criminal activity? Ideologically driven hackers, state-sponsored players, organised crime, or others? What do the different cybercriminals want?

PA: This is difficult to say, due to a lack of visibility and underreporting, but also an absence of common definitions. State-sponsored or state-condoned hackers will typically try to stay undetected. If they do get detected, that information may not get reported widely. Hacktivists and other types of ideologically driven hackers, who tend not to be financially motivated, regularly use unsophisticated measures, such as DDoS attacks or web site defacements. So, publicity would be one of their objectives.

I think in terms of volume, scope and financial impact, it is safe to assume that cybercriminality and organised crime take the biggest share.

What we do see is a convergence, with some organised groups acting as state-sponsored actors as well as cybercriminals, using the same or similar tactics, techniques and procedures. This means that some cybercriminals may also follow a political agenda in terms of target selection and intended impact.

VS: What are the most significant or obvious cybercrime threats to corporates today? Does the more tense geopolitical situation bring a risk of new large cyber attacks by state-sponsored players, such as NotPetya and WannaCry in 2017?

PA: Unsurprisingly, ransomware still represents a top threat that can be considered a global cybersecurity risk that goes way beyond any financial damage. We have unfortunately seen this with attacks against critical infrastructure such as the healthcare sector.

Business e-mail compromise and CEO fraud also remain key cybercrime threats with considerable losses reported globally, as well as fraud, phishing and supply chain attacks. Other significant threats include DDoS attacks, social engineering and cryptojacking, where attackers use malware to abuse computing resources to mine cryptocurrencies such as Monero.

As mentioned before, the availability of the necessary services and tools, for instance as part of the Ransomware-as-a-Service business model, leads to a higher level of ‘professionalism’ as it allows different groups to specialise in certain steps of the attack chain.

More recently, with the advent of ‘AI-as-a-Service’, we also see a higher level of automation of attacks and the increased use of deepfakes and mis/disinformation in attacks. The latest advancements in the area of Large Language Models like ChatGPT also highlight new cybercrime risks, for instance when it comes to the automated development of malware. We have covered these trends in dedicated reports, which can be downloaded from Europol’s web site.

It is likely that the current geopolitical situation will increase the risk of large-scale attacks as more malicious actors with different agendas are getting involved – facilitated by the availability of the tools and services to launch attacks. This means that a large-scale attack could also be the result of an unintended side-effect of malware ‘getting into the wild’.

Europol's EC3 aims to prevent and combat cybercrime by facilitating information exchange, supporting cross-border investigations, developing cybercrime intelligence, and conducting proactive activities.

VS: What is the mission of Europol’s EC3? When/how are you typically involved? Proactive work? Incident-related?

PA: Europol supports EU Member States in preventing and combating serious international crime and terrorism. This includes facilitating the exchange of information between the law enforcement agencies of EU member states and non-EU partners, providing analytical and technical support, and coordinating and supporting cross-border operations and investigations.

Established in January 2013, Europol’s European Cybercrime Centre (EC3) brings together law enforcement agencies, industry partners, and other stakeholders to share information and coordinate actions to combat cybercrime. EC3 also develops and disseminates cybercrime intelligence products, like the Internet Organised Crime Threat Assessment, to help Member States identify and respond to emerging threats, and coordinates and supports EU-wide campaigns and initiatives, such as the No More Ransom initiative. EC3 has been established with the principle of networking at its core. This includes the EU Cybercrime Taskforce, which brings together the Heads of the cybercrime divisions in the EU Member States and its three industry Advisory Groups.

Many requests for support coming from Member States could be considered reactive or in response to a particular criminal incident that falls under Europol’s EC3’s mandate; however, the Centre also aims to be proactive by conducting forward-looking threat and technology assessments, and focusing on prevention and awareness activities in collaboration with EU, law enforcement and industry partners. For instance, one of the strategic objectives is to identify and disrupt key facilitators in the underground economy, thereby maximising the impact of law enforcement actions.

VS: How do you collaborate across countries and industries?

PA: As mentioned already, the collaboration with industry and across borders is absolutely essential in order to be effective in the fight against cybercrime. Typically, criminals operate from different geographical regions and jurisdictions, with criminal infrastructure and victims being located in different countries. Consequently, it requires a cross-border and international network for an impactful response to cybercrime.

A great example of such a network with an operational focus is the Joint Cybercrime Action Taskforce (J-CAT), a cybercrime-fighting unit established in 2014 and hosted at Europol’s EC3. It brings together a team of cybercrime experts from various law enforcement agencies in the EU and non-EU partners. The J-CAT team works closely with partners worldwide, including Interpol and the FBI, to combat cybercrime on a global scale.

EC3 has also established three Advisory Groups for the internet security community, the financial sector and communication providers. These groups bring together around 70 senior-level industry experts working collectively, and are results-oriented in addressing cyberthreats.

VS: Are companies doing enough, or is there more to do? If you were to recommend only one key thing for a typical large corporate to do to improve its ability to deal with cybercrime, what would it be? What is at the top of the list?

PA: Companies can do a lot to become more secure and resilient, and mitigate the threats posed by cybercrime. The key to protecting your organisation against cybercrime is to implement a comprehensive and proactive cybersecurity strategy, so there is obviously no single activity that can provide complete protection against cybercrime.

However, if I had to recommend one key activity, I would suggest strong, multi-factor authentication as a starting point.

And just to repeat a key message here – build your networks of partners, including law enforcement, to be optimally prepared in the fight against cybercrime.

Nordea On Your Mind is the flagship publication of Nordea Investment Banking’s Thematics team, which produces research for large corporate and institutional clients. The research does not contain investment advice and typically covers topics of a strategic and long-term nature, which can affect corporate financial performance.

Top decision makers at Nordea’s large clients across the Nordic region receive Nordea On Your Mind around eight times per year. The publication’s themes vary widely, and many are selected from suggestions by clients. Examples of covered topics include artificial intelligence, wage inflation, M&A, e-commerce, income inequality, ESG, cybersecurity and corporate leverage.