Europe faces down threat actors

Europe is facing many of the same cybersecurity challenges as the rest of the world, and its proximity to conflict in Ukraine and Southwest Asia is making things worse.

That’s according to a new CrowdStrike report on the region, which identifies the threats from cybercriminals and nation states. Attacks from different eCrime syndicates have increased and “big game hunters,” attackers who take on large organizations, often find worthy targets in wealthy Europe.

Checking the health bar. In a roundtable on the report in late October, CrowdStrike SVP of Counter Adversary Operations Adam Meyers told reporters that the data shows “there’s a healthy ecosystem for buying access to compromised organizations.” Gangs in Eastern Europe who have been focused on attacking North American targets—who tend to pay more—easily translate their language skills to the UK, and also target neighboring Germany, France, Italy, and Spain.

“Five of the 10 most profitable companies in the world are based out of Europe, so it’s no surprise that we expect to see ransomware and eCrime targeting the European theater,” Meyers said. “It’s presumed to be a profitable endeavor by these threat actors.”

Overall, the cyber threats aren’t too different from those affecting the US, which makes sense given Europe is the second most-targeted entity behind North America, constituting 22% of CrowdStrike-tracked dedicated leak sites. The region’s wealth and power on the world stage make it a compelling target.

“There is a perception that there is a lot of robust economies in Europe that are ripe for targeting by these threat actors, and so as they look to expand their market of victims beyond North America and Australia and other English-speaking countries that they’ve historically targeted, Europe becomes an attractive target for them,” Meyers said.

Political espionage. There’s a political component to it, too. Nation states opposed to US and European policy in general—like Russia, China, North Korea, and others—try to gain an advantage via their tech capabilities. In Europe, the threat from Russian cyberattackers related to the invasion of Ukraine is real.

State-sponsored cyberattacks aim to disrupt intelligence gathering and operations as part of a general assault on the target country. Attackers aren’t above getting paid, either, whether to help fund covert operations or simply create chaos in the victim nation for the benefit of the attacker state.

“We’ve seen spear-phishing and hack-and-leak in order to collect intel, spread propaganda and disinformation, and to intimidate dissidents in the region,” Meyers said.

Threats can come from anywhere, and European power centers are seeing attacks that vary in scope and source location. China-related and North Korea-related attacks overlapped in their targeted countries, both including Spain, France, the UK, Italy, and the Netherlands over the past year. Russia focused more on central-Western and Eastern Europe, while Iran aimed at the UK, Germany, the Netherlands, and Switzerland.

Tactical defense. Protecting against attacks, Meyers said, involves a number of tactics: securing identity, taking care of cloud access, and eliminating cross-domain visibility gaps. Meyers recommended adversary-driven patching to ensure that the biggest threats are dealt with as quickly as possible.

“You have to know your adversary,” Meyers said. “You have to understand who these threat actors are, how they operate, what they’re after in order to properly defend your enterprise, your business.”