Friday, January 9, 2026
GCN

CrowdStrike’s 2025 Europe threat report forecasts surge in state-linked and coordinated ransomware attacks

by Kyle L.
November 14, 2025
in Cybersecurity

The recent CrowdStrike Threat Landscape Report attributes the deterioration of the cyber threat landscape in Europe to organized cybercriminal networks and ransomware groups, and to state-affiliated actors driven by geopolitical conflict. Europe has a concentration of organized crime syndicates and is the second most targeted region in the world for ransomware.

Over 2,100 extortion victims with European connections have been documented and published on extortion and leak sites

The ransomware threat has mostly focused on the construction, professional services, retail, IT, and industrial engineering sectors. The region's largest economies, the UK, Germany, France, Italy, and Spain, experienced an almost 13% increase in hostile ransomware activity compared to last year.

The report's most concerning finding is the speed of ransomware delivery. For the most part, cybercriminal groups have consolidated their attack cycles to deliver ransomware within 24 hours, which is an increase of 48%. This increase is a significant benchmark and reflects rapid advancements within the cybercriminal ecosystem.

The report highlights criminal activities alongside growing operations by state-backed perpetrators from Russia, China, Iran, and North Korea, who are expanding into Europe and, in many cases, converging with e-crime networks.

Russia-nexus adversaries have been expanding their focus beyond Ukraine-related operations

Russian state-backed adversaries are expanding their focus outside of operations related to Ukraine. Russia is also extending its focus to include the military, energy, and telecom sectors of NATO and its member states.

China-nexus operations have been aggressively targeting Europe’s manufacturing, aerospace, and defense sectors, as well as government institutions, with a strong focus on supply-chain and IP-driven objectives.

North Korea remains active in economic and diplomatic espionage, as well as in intelligence gathering over cyber networks, with a focus on Europe, particularly for economic and diplomatic leverage.

One of the more concerning trends is Industrial Cyber

One of the more concerning trends documented in the report is the fusion of cybercrime with attacks of the old-school variety. These actors are starting to offer the complete ‘violence-as-a-service’ package for sale and are routing monetization through crypto.

This type of hybridization poses an unprecedented threat to critical infrastructure and sensitive sectors, including manufacturing and the supply chain.

The need for rapid detection and response is much greater than before. Ransomware actors are minimizing dwell times, which leaves less time to respond. This dramatically raises the risk from undetected ransomware and compromised recovery efforts.

Undetected and poorly remediated ransomware infections increase risk exposure

The involvement of initial access brokers suggests low-hanging fruit in terms of network exposure and credential compromise, rather than the sophistication of the malware.

With the convergence of state and hybrid actors, and of cybercriminals with traditional criminals, organizations must understand the adversary’s motivation, their TTPs (tactics, techniques, and procedures), and the potential overriding geopolitical context.

The integration of offensive cyber capabilities and the potential for physical sabotage mean organizations must broaden their view of IS risk to include OT, supply chains, and the safety of personnel. The scale and volume of attacks necessitate unprecedented cross-sector and cross-border collaboration within the region. Improved regulatory alignment is expected to drive operational resilience, built within organizations through the exchange of attack mitigations and coordinated incident response.

The recent publication conveys capabilities to manage the flow of freight and personnel and their physical positioning. The threats it describes are more rapid, increasingly fierce, and, for the first time, intertwined with global geopolitics. The changing intersection of ransomware groups with hybrid kinetic attacks and the merging of state-sponsored adversaries necessitate a shift in focus from a purely defensive approach to a proactive, comprehensive, intelligence-driven, and resilient posture.

GCN

© 2025 by GCN
