Europol Report Highlights Ransomware as Dominant Cyber Threat

According to a report by Europol titled “Cyber-attacks: the apex of crime-as-a-service,” ransomware attacks continue to be the most prominent cyber threat. The report provides insights into emerging threats and evolving methodologies observed by Europol’s operational analysts.

Key findings from the report include:

1. Ransomware Dominance: Malware-based cyber-attacks, especially ransomware, remain the most significant threat, affecting a wide range of industries.
2. Ransomware Affiliate Programs: Ransomware groups increasingly operate through affiliate programs, employing multi-layered extortion tactics that may involve data theft.
3. Common Intrusion Tactics: Phishing emails containing malware, Remote Desktop Protocol (RDP) brute forcing, and Virtual Private Network (VPN) vulnerability exploitation are the most common tactics used by cybercriminals to gain access.
4. Legitimate Tools Exploitation: Cybercriminals often exploit legitimate operating system tools for persistence and network traversal, making detection and mitigation challenging.
5. DDoS Attacks: The conflict between Russia and Ukraine has led to a significant increase in Distributed Denial of Service (DDoS) attacks targeting EU entities, often politically motivated and orchestrated by pro-Russian groups.
6. Role of Cybercriminal Actors: Initial Access Brokers (IABs), droppers-as-a-service, and crypted developers play crucial roles in executing various cyber-attacks.
7. Cybercriminal Marketplaces: High-tier cybercriminals benefit from active criminal marketplaces and IABs selling stolen data, and geopolitical shifts may lead some cybercriminals to relocate.

The report is part of the Internet Organised Crime Assessment (IOCTA) 2023 series and serves as a resource for understanding the current state of cybercrime. It will be accompanied by spotlight reports focusing on specific areas of cybercrime, including cyber-attacks, online fraud, and child sexual exploitation, which will be released later in the year. These reports aim to provide in-depth insights into various aspects of cybercriminal activities.