The EU police agency, Europol, has released a threat report indicating that despite the changes in the cybersecurity landscape brought about by Russia’s war against Ukraine, malware-based cyberattacks, particularly ransomware, continue to be the primary threat in Europe.
Furthermore, the report emphasizes the growing prevalence of ransomware affiliate programs, which have become the primary organizational model for ransomware groups. These cybercriminals employ multi-layered extortion methods, raising concerns about the theft of sensitive information becoming a central threat.
The report outlines common intrusion tactics, including phishing emails with malware, remote desktop protocol (RDP) brute forcing, and exploiting virtual private network (VPN) vulnerabilities.
Notably, the report highlights that cybercriminals have shifted from malicious macros to container files, following Microsoft’s countermeasures against macros delivered over the internet in its applications.
Europol also identifies Emotet and BazarLoader as prominent droppers used for malware distribution, primarily through email campaigns. The impact of Russia’s war against Ukraine is evident in a significant increase in distributed denial-of-service (DDoS) attacks within the EU, primarily orchestrated by politically motivated pro-Russian hacker groups. Public organizations and digital service providers are among the top targets of these “politicized” Russian cyberattacks.
The conflict in Ukraine, along with mass mobilization in Russia and Western sanctions, has driven some cybercriminals in the region to seek refuge in EU jurisdictions. The report highlights the arrest of a prolific Ukrainian cybercriminal who had been creating and selling Raccoon Stealer, a data theft malware, since 2019.
This malware-as-a-service product was distributed to clients, primarily other criminals, for $200 per month, paid in cryptocurrencies, and has been used in data theft and cryptocurrency wallet draining attacks.
Europol warns that the EU faces further cyberattacks as cybercriminals embrace new technologies and target sensitive data, contributing to the growth of the crime-as-a-service ecosystem to cater to a broader criminal base.