IOCTA spotlight report on malware-based cyber-attacks published

Following the Internet Organised Crime Assessment (IOCTA) 2023, today Europol published the spotlight report “Cyber Attacks: The Apex of Crime-as-a-Service”. It examines developments in cyber-attacks, discussing new methodologies and threats as observed by Europol’s operational analysts. The report also outlines the types of criminal structures that are behind cyber-attacks, and how these increasingly professionalised groups are exploiting changes in geopolitics as part of their modi operandi.

Malware-based cyber-attacks, specifically ransomware, remain the most prominent threat. These attacks can attain a broad reach and have a significant financial impact on industry. Europol’s spotlight report takes an in-depth look at the nature of malware attacks as well as the ransomware groups’ business structures. The theft of sensitive data could establish itself as the central goal of cyber-attacks, thereby feeding the growing criminal market of personal information.

As well as shedding light on the most common intrusion tactics used by criminals, the report also highlights the significant boost in Distributed Denial of Service (DDoS) attacks against EU targets. Lastly, among the report’s key findings are the effects the war of aggression against Ukraine and Russia’s internal politics have had on cybercriminals.

Key findings in “Cyber Attacks: The Apex of Crime-as-a-Service”

• Malware-based cyber-attacks remain the most prominent threat to industry;
• Ransomware affiliate programs have become established as the main form of business organisation for ransomware groups;
• Phishing emails containing malware, Remote Desktop Protocol (RDP) brute forcing and Virtual Private Network (VPN) vulnerability exploitation are the most common intrusion tactics;
• The Russian war of aggression against Ukraine led to a significant boost in Distributed Denial of Service (DDoS) attacks against EU targets;
• Initial Access Brokers (IABs), droppers-as-a-service and crypter developers are key enablers utilised in the execution of cyber-attacks;
• The war of aggression against Ukraine and Russia’s internal politics have uprooted cybercriminals. pushing them to move to other jurisdictions.

Europol’s response in fighting cyber-attacks

Europol provides dedicated support for cybercrime investigations in the EU and thus helps protect European citizens, businesses and governments from online crime. Europol offers operational, strategic, analytical and forensic support to Member States’ investigations, including malware analysis, cryptocurrency-tracing training for investigators, and tool development projects. Based in Europol’s European Cybercrime Centre (EC3), the Analysis Project Cyborg focuses on the threat of cyber-attacks and supports international investigations and operations into cyber criminality affecting critical computer and network infrastructures in the EU.