Europol: malware remains top cyberthreat

Russia’s war against Ukraine has changed the cybercrime landscape in Europe, but malware-based cyberattacks remain the main threat to the industry, according to the EU police agency.

According to a new threat report from Europol, malware-based cyberattacks, specifically ransomware, continue to have a broad reach and a significant impact on the industry.

It said that ransomware affiliate programs – or ransomware-as-a-service – have become established as the main form of business organization for ransomware groups.

Cybercriminals continue to deploy multi-layered extortion methods, with “indications” that the theft of sensitive information could become the core threat.

“Cybercriminals usually gain initial access through compromised user credentials or by exploiting vulnerabilities in the targeted infrastructure,” the report read.

The most common intrusion tactics include phishing emails containing malware, remote desktop protocol (RDP) brute forcing, and virtual private network (VPN) vulnerability exploitation.

“According to some research, criminals have shifted their preference of using malicious macros in favor of container files after Microsoft blocked macros delivered over the internet in their applications,” the report said.

Emotet and BazarLoader are two of the most prominent droppers used for malware distribution, which is still mostly focused on email campaigns.

“Victims can also be infected with droppers through internet search engines, where users are lured with search engine optimization (SEO) keywords to download malware disguised as a legitimate program or tool,” Europol said.

Impact of war

The agency also noted the impact of Russia’s war against Ukraine in its report, which it said led to a “significant boost” in distributed denial-of-service (DDoS) attacks against targets in the EU.

“The most noticeable DDoS attacks were politically motivated and coordinated by pro-Russian hacker groups,” it said, adding that public organizations and digital service providers were among the top targets of “politicized” Russian cybercrime.

The report also said that the war in Ukraine, mass mobilization in Russia, and Western sanctions have pushed some previously untouchable cybercriminals in the region to flee to jurisdictions in the EU.

Among those was a “prolific” Ukrainian cybercriminal, arrested by Dutch authorities after fleeing his native country in March last year, who was under investigation for creating and selling Raccoon Stealer, a data-theft malware that has been around since 2019.

A malware-as-a-service product, it was sold to clients – other criminals – for $200 per month, paid in cryptocurrencies, and is thought to have been used to steal data and drain the digital currency wallets of more than two million victims.

“Cyberattacks are expected to further increase as a criminal threat affecting the EU,” warned Europol. “Cybercriminals are likely to further embrace new technologies and maximize the reach of their services, with sensitive data as a core target.”

It added: “The crime-as-a-service ecosystem will further develop in order to service a wider criminal base.”