New Europol report sheds light on malware, DDoS attacks, unveils ransomware groups’ business structures

Europol published this week a spotlight report that examines developments in cyber-attacks, discussing new methodologies and threats as observed by the agency’s operational analysts. The report outlines the types of criminal structures that are behind cyber-attacks, and how these increasingly professionalized groups are exploiting changes in geopolitics as part of their modi operandi.

Titled ‘Cyber Attacks: The Apex of Crime-as-a-Service,’ the Europol report identified that malware-based cyber-attacks, specifically ransomware, remain the most prominent threat. “These attacks can attain a broad reach and have a significant financial impact on industry. Europol’s spotlight report takes an in-depth look at the nature of malware attacks as well as the ransomware groups’ business structures. The theft of sensitive data could establish itself as the central goal of cyber-attacks, thereby feeding the growing criminal market of personal information,” it added.

The report also disclosed that ransomware affiliate programs have become established as the main form of business organization for ransomware groups, who continue deploying multi-layered extortion methods, with indications that the theft of sensitive information might become the core threat. “Phishing emails containing malware, Remote Desktop Protocol (RDP) brute forcing and Virtual Private Network (VPN) vulnerability exploitation are the most common intrusion tactics used by cybercriminals. Legitimate software and tools built into operating systems are then misused to establish persistence and traverse their victims’ networks.”

It also identified that the Russian war of aggression against Ukraine led to a significant boost in distributed denial of service (DDoS) attacks against EU targets, and the “most noticeable DDoS attacks were politically motivated and coordinated by pro-Russian hacker groups.” 

The report also disclosed that Initial Access Brokers (IABs), droppers-as-a-service and crypter developers are key enablers utilized in the execution of a variety of cyber-attacks. “High-tier cybercriminals benefit greatly from the increased activity on criminal marketplaces and of IABs selling stolen data. The war of aggression against Ukraine and Russia’s internal politics have uprooted cybercriminals pushing them to move to other jurisdictions.”

Europol said in its report that the year 2022 brought forth a number of developments in the cybercrime threat landscape related to the geopolitical turmoil caused by Russia’s war of aggression against Ukraine as well as law enforcement actions taken against threat actors and cybercriminal infrastructure.

“Ransomware groups have remained the most outstanding threat and have established a clear approach of going after international companies, public organisations, critical infrastructure, and essential services,” the report identified. “According to the European Union Agency for Cybersecurity (ENISA) and reports from the private sector, ransomware attacks caused most concern for the manufacturing industry.” 

It also added that affiliate programs remain the dominant form of business organization for ransomware groups. “They work closely with other malware-as-a-service groups and initial access brokers (IABs) to compromise high-revenue targets and post huge ransom demands, running into millions of Euros.”

The Europol report said that cyber-attacks, motivated by both financial gain and political beliefs, are becoming more targeted and continue causing disruptions in all sectors. “They can create steep financial setbacks, in terms of incident response and recovery, to businesses and governmental organisations alike. The social impact of cyber-attacks varies based on the target and can range from making (public) services unavailable to hampering critical infrastructure.” 

Addressing the business structure, the Europol report said that ransomware groups and affiliate programs continue to plague international enterprises, public organizations, critical infrastructure, and essential services. “Affiliate programs have become established as the staple form of ransomware-as-a-service (RaaS) because of their streamlined processes as well as the scalability of their activities. Their business model is based on developing a platform, which affiliates can use for deploying ransomware, posting exfiltrated data, and laundering the criminal proceeds.” 

It added that the administrators of the platform (the ransomware group) receive a percentage of all the payments made to criminals using their service.

On the response to cyber-attacks, the Europol report said that such attacks are expected to increase further as a criminal threat affecting the EU. “Cybercriminals are likely to further embrace new technologies and maximise the reach of their services, with sensitive data as a core target. The crime-as-a-service ecosystem will further develop in order to service a wider criminal base,” it added.

“Europol’s mission is to support EU Member States and cooperation partners in preventing and combating all forms of serious international and organised crime, cybercrime and terrorism,” the report added. “In 2013, Europol set up the European Cybercrime Centre (EC3) to provide dedicated support for cybercrime investigations in the EU and thus to help protect European citizens, businesses and governments from online crime.” 

It further added that EC3 offers operational, strategic, analytical, and forensic support to Member States’ investigations, including malware analysis, cryptocurrency-tracing training for investigators, and tool development projects. “EC3’s dedicated Analysis Project Cyborg, focused on the threat of cyber-attacks, supports international investigations and operations into cyber criminality affecting critical computer and network infrastructures in the EU.”
