The year 2022 brought forth a number of developments in the cybercrime threat landscape related to the geopolitical turmoil caused by Russia’s war of aggression against Ukraine as well as law enforcement actions taken against threat actors and cybercriminal infrastructure.
Ransomware groups have remained the most prominent threat and have established a clear approach of going after international companies, public organisations, critical infrastructure and essential services. According to the European Union Agency for Cybersecurity (ENISA) and reports from the private sector, ransomware attacks caused the most concern for the manufacturing industry.
Affiliate programs remain the dominant form of business organisation for ransomware groups. They work closely with other malware-as-a-service groups and initial access brokers (IABs) to compromise high-revenue targets and post huge ransom demands, running into millions of Euros.
Cybercriminals continue targeting Android devices with mobile malware, but there were no campaigns as prolific as the ones reported in the IOCTA 2021, thanks to an international law enforcement action in May 2022 that took down the infrastructure of FluBot (mobile info-stealer).