Dutch police raise concerns over cheap cybercrime-as-service

The Dutch police are concerned about an increasingly popular development in cybercrime, which the police refer to as cybercrime-as-service. Criminals can now buy cyber attacks easily, cheaply and at any time of day or night, the police said in a statement.

"A new cyber-criminal service sector has emerged online in recent years. There are services available for every step in the criminal process, the so-called cybercrime-as-service. The purchase of your own DDoS attacks or phishing email then comes with a 24/7 help desk", said Theo van der Plas, digitalization and cybercrime program director at the police.

These cybercrime services are widely available and relatively cheap. "This means that criminals with little digital knowledge can commit crimes and make a large number of victims with relatively little effort", Van der Plas said. "On the one hand we now see that serious criminals take control of the online world, for example by trading in drugs and weapons or extorting companies with ransomware. On the other hand, there is the ease with which young people make use of such services, for example by targeting their school with a DDoS attack."

In the past year, DDoS attacks left a number of Dutch banks, the Tax Authority, Customs and DigiD unreachable for periods of time. Ransomware remained a problem and phishing continued to grow, the police said. A new type of cybercrime also emerged - formjacking, in which criminals copy a website very closely and thereby steal details customers enter thinking they are on the original site. 

Last year the police conducted 299 regular cybercrime investigations and 43 complex investigations. "There was also a lot of capacity involved in international urgent requests for investigation in other countries. As a result, we were able to pick up slightly fewer investigations than agreed. Nevertheless, this is a good result and an upward trend, especially given the fact that four years ago we were still conducing around 80 cybercrime investigations on annual basis", Van der Plas said. 

On Wednesday the national coordinator for counter-terrorism and security NCTV released its annual Cyber Security Assessment for the Netherlands. In it the NCTV warned that the Netherlands' dependence on digital systems poses a risk to national security. The NCTV also said that the Dutch digital infrastructure is frequently used for cybercrime - the Netherlands is second in the world on this front, after the United States.  "This also explains the number of international investigations we are cooperating with", Van der Plas said.