by Delilah Schwartz

State of the Cybercrime Underground 2023

International sanctions prompt Russian cybercriminals to find new ways to cope amidst growing financial pressures

On a Friday night in January 2022, Russian authorities swooped down on members of REvil, a ransomware gang blamed by the U.S. for more than $200 million of extortion payments as well as the Colonial Pipeline and JBS attacks. The FSB, Russia’s internal intelligence agency, arrested a dozen individuals and confiscated luxury cars, computers, cryptocurrency, and millions in rubles, dollars, and euros. At the time, these actions suggested Moscow was willing to honor American requests to suppress Russia’s highly active cybercriminal enterprises.

A month later, all cooperation vanished. Russia invaded Ukraine, the West coalesced around the Ukrainians, and the Russian government seemingly gave the okay for threat actors to go after whatever targets they pleased, as long as they were outside of Russia’s borders.

The fallout from the continuing Russia-Ukraine conflict has affected cybersecurity throughout Europe, as detailed in our newest report, State of the Cybercrime Underground, 2023 EMEA Edition. The report is based on voluminous data-gathering throughout 2022 on cybercriminal activities across the deep, dark, and clear web.

Financial incentive for cybercrime

As state-funded agencies employ cyber warfare as part of the Russian military effort, cybercriminal and hacktivist groups have ramped up their attacks on non-Russian targets of all sorts. Civilian cybercriminals are partly motivated by nationalism, but financial incentives also play a significant role.

As international sanctions have taken their toll on the Russian economy, individual threat actors have sought alternative ways of maintaining their livelihoods. Members of the country’s large and skilled IT sector, among others, may be replacing lost income through financially motivated crime.

These methods include:

  • Ransomware attacks targeting critical infrastructure, government entities, and businesses

  • Cryptocurrency-related schemes, such as cryptojacking and dark web transactions, along with various money laundering activities that allow them to liquidate their profits outside the reach of sanctions without being detected

  • Compromised payment cards to make purchases from sellers who no longer accept Russia-issued cards

Attacks on critical infrastructure and other vulnerabilities

As was to be expected, the Russian side has unleashed a broad cyber attack campaign against Europe’s critical infrastructure, including energy, telecommunications, transportation, and healthcare. It has also targeted political entities, government agencies, and operational technology sectors. Russia has leveraged cyber operations to support its military objectives, conduct espionage, and cause harm throughout the region.

Other trends discussed in the report include the following:

  • Sophisticated threat actors are increasingly utilizing zero-day exploits, outsourcing expertise through the “as-a-service” business model, and seeking to compromise supply chain targets, gaining access to organizations through trusted third-party vendors.

  • Ransomware and attacks against availability were prevalent, with Distributed Denial of Service (DDoS) attacks increasing due to ongoing geopolitical conflict.

  • Phishing remained Europe’s most common vector for initial access compromise. Generative AI served as a new means of personalizing social engineering emails, making them highly convincing as threat actors targeted the financial services, healthcare, and government sectors.

  • New technologies such as artificial intelligence (AI) and the Internet of Things (IoT) are likely to emerge as popular targets of exploitation. Attacks targeting AI and machine learning models are expected to proliferate as organizations rush to join the generative AI tech race.

  • Cloud service providers (CSPs), managed service providers (MSPs), and IT services organizations have become prime targets for state-backed groups, giving attackers ready access to hundreds of victims at once.

A shift in credit-card fraud

Our research from 2022, highlighted in the report, showed that credit card fraud had dropped precipitously over the past several years. Unfortunately, we’re now seeing a shift, with this type of cybercriminal activity once again on the rise. We’ll look more closely at this trend and its potential underlying causes in our next State of the Underground report, which will cover important trends and developments in 2023.

Keeping the chaos from reaching your organization

With the Russia-Ukraine conflict having no end in sight and cybercriminals finding new ways of exploiting a wide range of targets, organizations must equip themselves with robust, automated defense tools and maintain a strategic view of global dangers. This is true for corporations and managed security service providers (MSSPs) alike.

Cybersixgill maintains its robust monitoring of such dangers, informed as we are by collecting 10 million items daily from the deep, dark, and clear web.

Download your copy of our latest State of the Cybercrime Underground 2023 to better understand the threats posed to Europe and elsewhere so you can prepare accordingly.
