Ukraine war sees forced migration of cyber criminals – Europol

Europe’s police agency has warned that the threat of cyber-attacks will only increase, with ransomware remaining the major threat.

Europol has said that, following its Internet Organised Crime Threat Assessment (IOCTA) 2023, it has today published a spotlight report, “Cyber Attacks: The Apex of Crime-as-a-Service”.

The publication examines developments in cyber-attacks, discussing new methodologies and threats as observed by Europol’s operational analysts. The report also outlines the types of criminal structures that are behind cyber-attacks, and how these increasingly professionalised groups are exploiting changes in geopolitics as part of their modi operandi.

It warned: “Malware-based cyber-attacks, specifically ransomware, remain the most prominent threat. These attacks can attain a broad reach and have a significant financial impact on industry.

“Europol’s spotlight report takes an in-depth look at the nature of malware attacks as well as the ransomware groups’ business structures. The theft of sensitive data could establish itself as the central goal of cyber-attacks, thereby feeding the growing criminal market of personal information.”

“Cyber-attacks are expected to further increase as a criminal threat affecting the EU,” the report stated. “Cybercriminals are likely to further embrace new technologies and maximise the reach of their services, with sensitive data as a core target. The crime-as-a-service ecosystem will further develop in order to service a wider criminal base.”

As well as shedding light on the most common intrusion tactics used by criminals, the report also highlights the significant boost in Distributed Denial of Service (DDoS) attacks against EU targets. Lastly, among the report’s key findings are the effects the war of aggression against Ukraine and Russia’s internal politics have had on cybercriminals.

Its key findings include:

  • Malware-based cyber-attacks remain the most prominent threat to industry.
  • Ransomware affiliate programs have become established as the main form of business organisation for ransomware groups.
  • Phishing emails containing malware, Remote Desktop Protocol (RDP) brute forcing and Virtual Private Network (VPN) vulnerability exploitation are the most common intrusion tactics.
  • The Russian war of aggression against Ukraine led to a significant boost in Distributed Denial of Service (DDoS) attacks against EU targets.
  • Initial Access Brokers (IABs), droppers-as-a-service and crypter developers are key enablers utilised in the execution of cyber-attacks.
  • The war of aggression against Ukraine and Russia’s internal politics have uprooted cybercriminals, pushing them to move to other jurisdictions.
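Of the three intrusion tactics the report lists, RDP brute forcing is the one most defenders can check for directly in their own telemetry. The following is an added example, not code from Europol or the report: a small sliding-window detector that counts failed logons per source address and flags sources that exceed a threshold inside a time window. The log lines are constructed for the example and their flattened `key=value` layout is an assumption; the event IDs (4625 failed logon, 4624 successful logon) and logon type 10 (RemoteInteractive, i.e. RDP) are the real Windows Security values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real telemetry): one flattened Windows Security
# event per line. event=4625 is a failed logon, 4624 a successful one;
# logontype=10 is RemoteInteractive (RDP). The field layout is an assumption.
SAMPLE_LOG = """\
2023-09-13T10:00:01Z event=4625 logontype=10 src=203.0.113.5 user=administrator
2023-09-13T10:00:03Z event=4625 logontype=10 src=203.0.113.5 user=admin
2023-09-13T10:00:05Z event=4625 logontype=10 src=203.0.113.5 user=backup
2023-09-13T10:00:08Z event=4625 logontype=10 src=203.0.113.5 user=sql
2023-09-13T10:00:09Z event=4625 logontype=3 src=198.51.100.7 user=jsmith
2023-09-13T10:00:12Z event=4625 logontype=10 src=203.0.113.5 user=test
2023-09-13T10:00:15Z event=4625 logontype=10 src=198.51.100.7 user=jsmith
2023-09-13T10:00:20Z event=4625 logontype=10 src=203.0.113.5 user=scan
2023-09-13T10:00:21Z event=4624 logontype=10 src=203.0.113.5 user=scan
2023-09-13T10:30:00Z event=4625 logontype=10 src=192.0.2.9 user=alice
"""


def parse_line(line):
    """Parse one 'timestamp key=value ...' line into a dict; None if malformed."""
    parts = line.split()
    if not parts:
        return None
    try:
        rec = {"ts": datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")}
        for kv in parts[1:]:
            key, _, value = kv.partition("=")
            rec[key] = value
        rec["event"] = int(rec["event"])
        rec["logontype"] = int(rec["logontype"])
        return rec
    except (ValueError, KeyError):
        return None


def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(seconds=60),
                          logon_types=(10,)):
    """Flag sources with >= threshold failed logons inside a sliding window.

    Returns {src_ip: {"failures", "first", "last", "followed_by_success"}}.
    A success (4624) from a source that already tripped the threshold is
    recorded separately, because that is the case that needs immediate action.
    """
    recent = defaultdict(deque)   # src -> timestamps of recent failures
    alerts = {}
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["logontype"] not in logon_types:
            continue
        src = rec["src"]
        if rec["event"] == 4624:
            if src in alerts:
                alerts[src]["followed_by_success"] = True
            continue
        if rec["event"] != 4625:
            continue
        q = recent[src]
        q.append(rec["ts"])
        # Drop failures that fell out of the window.
        while q and rec["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            if src not in alerts:
                alerts[src] = {"failures": len(q), "first": q[0],
                               "last": rec["ts"], "followed_by_success": False}
            else:
                alerts[src]["failures"] = max(alerts[src]["failures"], len(q))
                alerts[src]["last"] = rec["ts"]
    return alerts


if __name__ == "__main__":
    for src, info in detect_rdp_bruteforce(SAMPLE_LOG).items():
        print(f"{src}: {info['failures']} failures between {info['first']} and "
              f"{info['last']}, success afterwards: {info['followed_by_success']}")
```

One caveat worth building in from the start: when Network Level Authentication is enabled, failed RDP attempts are frequently recorded with logon type 3 (Network) rather than 10, which is why `logon_types` is a parameter rather than a constant. The same per-source sliding-window logic applies unchanged to VPN gateway authentication logs, which the report names as the other common entry point.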

“The year 2022 brought forth a number of developments in the cybercrime threat landscape related to the geopolitical turmoil caused by Russia’s war of aggression against Ukraine as well as law enforcement actions taken against threat actors and cybercriminal infrastructure,” it added. “Ransomware groups have remained the most outstanding threat and have established a clear approach of going after international companies, public organisations, critical infrastructure and essential services.

“According to the European Union Agency for Cybersecurity (ENISA) and reports from the private sector, ransomware attacks caused most concern for the manufacturing industry. Affiliate programs remain the dominant form of business organisation for ransomware groups. They work closely with other malware-as-a-service groups and initial access brokers (IABs) to compromise high-revenue targets and post huge ransom demands, running into millions of Euros.”

It continued: “Cyber-attacks, motivated by both financial gain and political beliefs, are becoming more targeted and continue causing disruptions in all sectors. They can create steep financial setbacks, in terms of incident response and recovery, to businesses and governmental organisations alike. The social impact of cyber-attacks varies based on the target and can range from making (public) services unavailable to hampering critical infrastructure. The by-product of attacks is often people’s personal data being stolen or leaked online, which damages their privacy and makes them more susceptible to further exploitation by criminal actors.”