Europe Faces a New Wave of Cyber Attacks in 2023

Mandiant’s security experts give their assessment from a cyber threat perspective for 2023 in their Cyber Security Forecast 2023, according to which things look bleak for EMEA.

Russia expands its targets in Europe

Since the conflict began, much of Russia’s cyber activity has been focused on Ukraine. In 2023, Russia could expand its cyber operations within Europe. Physical clashes are likely to decrease during the winter months, which could provide Russian cyberattackers with more capacity for operations. Last year, Russia typically conducted information gathering campaigns against European organizations outside of Ukraine, while most disruptive and destructive attacks took place inside Ukraine. This could change in 2023, with Russia using more of its (possibly increased) disruptive cyber capabilities against European organizations. This could affect a range of organizations, including energy and military suppliers, logistics companies involved in delivering goods to Ukraine, and organizations involved in sanctions implementation and enforcement.

European energy worries migrate to cyber space

Concerns about energy supplies and prices in Europe are likely to take the form of malicious cyber operations. Mandiant has already seen an increase in energy-related phishing campaigns. Ransomware groups are known for targeting hard-pressed industries. The relentless attacks on healthcare during the pandemic demonstrated this. European energy companies could come under increased attack in the coming winter months.

European energy suppliers are also a target for attackers backed by the Russian state. These will continue to try to put pressure on countries involved in Russian sanctions regimes or attempt to reduce their dependence on Russian energy. Pressure on European energy supplies will also increase interest in non-European energy suppliers. Oil and gas availability, price adjustments planned by organizations such as OPEC, and evolving government energy policies will become important targets for government intelligence agencies to gather information.

Furthermore, the energy crisis in Europe could lead to increased targeting of critical infrastructure. This is already at risk of destructive cyberattacks when nations are in conflict. The energy crisis adds to the threat. For example, critical infrastructure could become the target of ransomware campaigns designed to disrupt energy and power supplies.

Ransomware: Europe could overtake the U.S.

Ransomware continues to have a significant impact on businesses around the world. According to reports, while the U.S. is the most frequent target of ransomware attacks globally, there are indicators that ransomware activity is declining in the U.S. and increasing in other regions. In Europe, the number of victims is increasing, and if this increase continues, Europe will likely be the most affected region in 2023. The United States has been very vocal about policies, sanctions, and the possibility of a backlash in the cyber space regarding ransomware and other attacks. However, it is difficult to say whether the aggressive stance on ransomware will actually deter attacks.