A new threat report from Europol states that ransomware attacks remain a major threat, and that ransomware affiliate programs have established themselves as the main form of business organization for ransomware groups.
The report states: “Cybercriminals usually gain initial access through compromised user credentials or by exploiting vulnerabilities in the targeted infrastructure.”
According to Cybernews, the most common tactics are phishing emails that contain malware, RDP brute forcing, and VPN vulnerability exploitation.
The report details that after Microsoft began blocking macros in files delivered over the internet in its applications, cybercriminals shifted to using container files. Victims can still be infected with droppers via internet search engines, where users are lured with search engine optimization (SEO) keywords into downloading malware disguised as a legitimate program or tool.
It is also important to note the impact of Russia’s war against Ukraine, which according to the report has led to a “significant boost” in DDoS attacks against targets in the EU. The report states that the most noticeable DDoS attacks were politically motivated and coordinated by pro-Russian hacker groups, with public organizations and digital service providers being the most targeted.
Furthermore, the war in Ukraine, mass mobilization in Russia, and Western sanctions have pushed some previously untouchable cybercriminals in the region to flee to jurisdictions in the EU.
Among these was the creator of a data-theft malware called “Raccoon Stealer”, which has been around since 2019. It was sold as a malware-as-a-service product to clients for $200 a month (paid in cryptocurrencies) and is thought to have been used to steal data and drain the digital currency wallets of more than two million victims.
Europol concluded by warning that cyberattacks are expected to further increase as a criminal threat affecting the EU, and added that cybercriminals are likely to further embrace new technologies and maximize the reach of their services, with sensitive data as a core target.