Threat Landscape
  • April 14 2023

European nations cannot take the ongoing Russian-Ukrainian conflict lightly because both these countries are adept at fighting cyber wars. So, the cyber threat landscape will remain gloomy for Europe and globally until hostilities cease. Let's see how the recent developments have impacted the threat landscape over the last six months in Europe

Europe started getting jittery as Russia planned to attack Ukraine. It wasn't only because of an imminent threat of hostilities escalating towards a world war but the possibility of the physical attack turning into cyber warfare. Russia and Ukraine have a long history of being at loggerheads with each other, with both countries possessing equal capabilities of launching into a full-fledged cyber war. So, the natural question would be how a cyber war between these two nations would endanger other European countries? The threat of a cyber war between the two cyber-equipped countries can have lasting repercussions on information systems across Europe and the world.

The most significant cyber incidents in recent months

Both nations under conflict have been launching cyber-attacks against each other, ranging from small-scale website hacks to infrastructure-crippling ones. However, besides the ongoing conflict, there were quite a few incidents that made headlines:

  • The Log4j issue had globally sent many organisations scrambling for quick patching solutions. And according to Fortinet's Global Threat Landscape Report of 2022, Apache.Log4j was the most prevalent exploit of the last six months in Europe that had no activity in the six months prior. And it certainly proves the point that the new threats will continue to surface
  • It's not just the large financial institutions or organisations; the information systems of one of the largest library services in Germany, EKZ Bibliotheksservice, were also infected with the ransomware
  • In May 2022, Greenland's healthcare services were impacted by cyber-attacks on its information systems, crippling the nationwide healthcare services
  • The European Commission acknowledged the evolving threat landscape and proposed new regulations to boost cybersecurity in EU institutions and organisations to strengthen their cyber resilience and incident response capacities against cyber threats and incidents
  • Nearly six Russian nation-state hacking groups launched more than 237 cyber operations against Ukrainian government agencies and businesses. The objective was espionage, gathering intelligence, and spreading misinformation
Ransomware and DDoS attacks remain the preferred cyber attacks of threat actors

Ransomware attacks continue to target both governmental and non-governmental entities across Europe; for example, ASST Fatebenefratelli Sacco – an Italian healthcare organisation, and Vivalia hospital in Belgium were hit by ransomware attacks in the last few months.To top them all, the BlackCat ransomware gang targeted Carinthia (Austria), which brought passport issuance to a halt while also affecting the region's telephone systems, email service, and website. Furthermore, In Q1 2022, Conti, LockBit, and Alphv were the most active ransomware groups in Europe. DDoS attacks have increased since February 2022, with target network systems in Kyiv, Mariupol, and Luhansk. However, the attacks have spilled over to other countries. For example, Cloudflare's report states that the network-layer attacks have increased by 71% YoY and the application-layer attacks by 164%. In addition, Kaspersky reports indicate a 450% increase in DDoS in Q1 2022 compared to Q1 2021

The Killnet hacktivist group has taken responsibility for a series of recent DDoS attacks against several European nations, including Italy, Germany, Latvia, Poland, and Romania.

What do the trends indicate?

Though Russia has not directly launched attacks against NATO allies, the threat is omnipresent. So, the US and other European nations must be on guard 24x7x365. In addition, the US and other European countries have imposed economic sanctions against the nation. That should provoke Russia to retaliate with strong cyber-attacks against the US and European nations. Russia has always been the hotbed of activities when it comes to ransomware attacks. A cyber warfare situation should be the ideal setting for state-sponsored threat actors to launch these attacks globally. Nobody likes being pushed into a corner, least of all a powerful and dominant superpower!

Final Words - The Road Ahead

The ongoing Russian-Ukrainian conflict has affected not just civilians of the two nations but the whole of Europe, as today's warfare isn't only limited to physical weaponry. With cyber warfare emerging and evolving at a tremendous pace, no country can afford to let its guard down when it comes to protecting the nation's information assets. Europe has been taking cybersecurity seriously for the last few years. Currently, the legislation for the NIS2 directive is in progress, which would expand the scope of the NIS directive, helping strengthen cybersecurity in organisations across Europe