Our interview with Philipp Amann, Head of Strategy of Europol’s European Cybercrime Centre (EC3)
Philipp Amann is the Head of Strategy of Europol’s European Cybercrime Centre (EC3), which was established in 2013 to strengthen the law enforcement response to cybercrime in the EU and help protect European citizens, businesses and governments from online crime. EC3 Strategy is responsible for assessing and acting on threats and trends related to cybercrime and cyber-security. The Centre delivers a number of strategic, situational and tactical products like their flagship annual report, the Internet Organised Crime Threat Assessment (IOCTA).
We have interviewed Philipp Amann to discuss the key findings of the recently published report “Catching the virus: cybercrime, disinformation and the COVID-19 pandemic”. In this interview, he provides key practical recommendations for individuals and organisations as they face the challenges of the “new normal” defined by the current crisis. By looking both at risks and remedies, he outlines an approach to organisational cybersecurity and cyber resilience that underlines, among other things, the need for prevention and awareness as well as a holistic view of the threats and challenges.
Since the beginning of the current health crisis, Europol has been monitoring the impact of COVID-19 on the cybercrime landscape. Mr Amann, could you tell us what this impact has been?
Europol has been gathering intelligence from open sources, law enforcement and other partners on the current cyber-threat landscape.
Cybercriminals have been particularly quick in exploiting the situation, and the global pandemic has become a cybersecurity risk with significant numbers of people teleworking, often with outdated security systems. In this context, one indicator is the increase in the registration of domains related to the words ‘corona’ and ‘COVID’, which can form the backbone for many criminal operations.
Phishing and ransomware campaigns and distributed denial-of-service (DDoS) attacks – including against the healthcare sector – are being launched to exploit the current crisis and are expected to continue to increase in scope and scale.
Also, the dark web continues to host various platforms such as marketplaces and vendor shops to distribute illicit goods and services. Vendors attempt to innovate by offering COVID-19 related products.
Moreover, activity around the distribution of child sexual exploitation material online appears to be on the increase, based on a number of indicators.
Together with our law enforcement partners, private industry partners, and other relevant EU entities, we continue to monitor the relevant threats and developments.
How is the European Cybercrime Centre (EC3) cooperating with the private sector and the cyber-security community to support the prevention and investigation of cyber attacks across Europe in this particular moment?
Throughout this crisis, Europol has been supporting EU law-enforcement authorities and other partners 24/7 by providing ongoing operational support and coordination of increasing cybercrime cases. We have also launched prevention and awareness campaigns to support law enforcement in fighting cybercrime and help citizens stay safe online.
To this end, Europol has implemented a dedicated page that provides easy access to relevant information, including all the specialised reports published by us so far as well as prevention and awareness advice (https://www.europol.europa.eu/staying-safe-during-covid-19-what-you-need-to-know).
We closely cooperate with CERT-EU, ENISA as well as the wider internet security community to share information and best practices in a timely manner, as well as to participate in joint cyber exercises to test our capabilities and response to large-scale cyber attacks.
We are also working with the European Commission on further improving the collaboration with registries and registrars on ‘COVID-19-themed’ malicious domains.
Cooperation with the private sector is essential. The private sector holds much of the evidence of cybercrimes. However, private party takedowns of criminal infrastructures, removal of illicit content, and reporting of data breaches to law enforcement are among the most effective measures to fight cybercrime.
More than three years ago, we initiated the NoMoreRansom platform together with law enforcement and industry partners. The site (www.nomoreransom.org/) now has more than 150 partners, is available in 36 different languages and, most importantly, provides access to more than 100 different free tools that can be used to decrypt many different types of ransomware.
Public sector organisations, especially hospitals, have been the target of cyber attacks during the pandemic. What measures should these entities implement to increase cyber resilience and mitigate the impact of breaches of confidentiality, integrity and availability of personal data?
Cyber security is a shared responsibility and – while technology can provide baseline protection – a strong focus should be put on human factors. This means that on-going and targeted training, education, and awareness raising are equally important to technology and complement technology measures to support a high level of cyber security and resilience. For example, we see that complex attack scenarios often start with phishing emails or social engineering which can enable existing technical security measures to be effectively bypassed.
Organisations need to manage internal risks and the risks within the environment in which they operate, including the supply chain. This requires having both the technical and organisational measures to ensure the security of systems and information. This includes resources, capabilities, processes and tools to detect, defend and respond effectively and efficiently to cyber attacks. Security, including core principles such as security and privacy by design, needs to be a key element of all business processes and activities of an organisation.
Recent data breaches also highlight the importance of having well-defined and enforced data breach notice procedures in place and implementing cyber-security measures and practices at all levels of an organisation. Law enforcement can be a strong partner in this.
In more practical terms, organisations should put in place a recovery system in case of a ransomware infection. Organisations should also use robust antivirus software and endpoint protection, and keep all software up to date. This requires, among other things, patch management as well as vulnerability management procedures to be defined and implemented. Moreover, organisations should monitor for suspicious network traffic and account activities, and combine this with a strong password policy and access controls. These elements should be part of a broader cyber security programme.
The education sector is responding to the current crisis with a sudden shift to online teaching and learning solutions, which drastically increased the online presence of children in a matter of days. Have the risks for children on the internet also increased?
It is worrying to see indications of increased online activity by those seeking child abuse material online.
Due to the lockdown and the related school closures, some children are more vulnerable, with less supervision and greater online exposure. Offenders attempt to take advantage of isolated children through grooming, sexual coercion, and extortion.
We have launched prevention campaigns to inform parents and persons responsible for children about possible threats. It is extremely important that we properly inform parents and other persons responsible for children about the possible threats.
It is essential that parents pay attention to their children’s online activity; the most important part of that is having open conversations with them and following through by enabling parental controls and internet filtering, among other things.
Through our prevention campaigns we want to send clear messages and recommendations to children, parents, and educators to raise awareness on how to prevent abuse situations.
Malicious actors have mastered the exploitation of technical and social vulnerabilities. How can people protect their online lives from these threats?
As mentioned, cyber security and resilience are a shared responsibility. Social engineering is one of the main techniques used in penetrating cyber-security measures (e.g. phishing or CEO fraud). Being able to identify and prevent social engineering attacks is therefore an essential security measure.
What applies to organisations equally applies to individuals – use robust antivirus software and keep all software up to date. Lock down your accounts and use complex passwords. Do not overshare your personal information and trust no one online (e.g. never open attachments in emails from someone you do not know).
Further information on the organisational and technical measures that enable cyber security and resilience can be found on the Europol website. Also, you are welcome to get in touch with our Data Protection and Cyber Risk Team.