Group-IB, a leading creator of cyber technology for tracking, preventing, and combating digital crime, has unveiled a comprehensive overview of the cyber threat landscape in the European region for the years 2023/2024 in its annual report, Hi-Tech Crime Trends. The report provides detailed analyses of the evolution of cybersecurity challenges in Europe.
In 2023, Group-IB researchers identified a 52% increase in ransomware attacks in Europe, with major targets being companies in the manufacturing, real estate, and transportation sectors. The United Kingdom, France, and Germany maintained their status as the most frequently targeted countries by criminal entities employing Ransomware-as-a-Service (RaaS). Throughout 2023, the region witnessed 108 cyberattacks conducted by various hacker groups supported by states, with governmental and military institutions being prime targets, accounting for 48 attacks. Information stealers posed a significant concern, affecting 250,000 infected devices in Europe, a 23% increase compared to 2022, with their logs shared on Underground Clouds of Logs (UCL) and an additional 647,485 hosts, whose logs were offered for sale on underground markets, marking a 28% increase from the previous year. Meanwhile, there was a 7% decrease in the number of initial access offerings to compromised networks in the region.
Europe in the Crosshairs
Group-IB analysts discovered that in the previous year, the European region ranked second in terms of advanced persistent threats (APTs) attacks. In 2023, Group-IB attributed 523 attacks to hacker groups controlled by regime governments worldwide, with attacks on European organizations accounting for 21% of the global total. Ukraine was the primary target of attacks involving government-controlled hacker groups, followed by Poland, Germany, France, and Italy.
Ransomware Chronicles: Double Surge in 2023
Ransomware attacks remained a significant threat to the European market, with the region becoming the second most targeted after North America. The manufacturing sector was the most frequently targeted, followed by real estate and transportation. LockBit led as the most active ransomware group in Europe, followed by Play and Black Basta. The United Kingdom, France, and Germany experienced notable increases in ransomware attacks.
Slowdown in Broker Activity
Entities offering ransomware attacks experienced a slight decline in 2023, with access to corporate networks being offered for sale 628 times, a 7% decrease from the previous year. The professional services sector was most affected by this phenomenon, followed by production and trade sectors.
Raccoon and Friends
Information stealers emerged as one of the primary methods for cybercriminals to gain access to corporate networks, with Raccoon, LummaC2, and RedLine Stealer being the most popular among cybercriminals targeting the region.
Leak Wave
In 2023, Europe detected 386 new cases of data leaks, resulting in over 292 million data strings being exposed. France, Spain, and Italy were the most affected countries. Email addresses, phone numbers, and passwords were among the most common data exposed, posing significant risks to users.
The Hi-Tech Crime Trends 23/24 report by Group-IB highlights shifts in hacker group behaviors, the emergence of new Techniques, Tactics, Procedures (TTPs), and overall trends shaping the evolving cybersecurity threat landscape. The report provides practical insights for a wide range of experts, including CISOs, SOC and DFIR teams, malware researchers, and threat hunting experts, enabling them to analyze cybersecurity policies, adjust security settings, and enhance their knowledge to counter cyber threats relevant to their industries.