03 March 2025

The report highlights a significant uptick in state-sponsored APTs due to geopolitical tensions, including conflicts in Ukraine, Russia, Israel, and Palestine. Government and military institutions top the list of targeted industries, followed by manufacturing, financial services, and IT sectors.

Ukraine emerges as a major target for hacktivism in Europe, with hacktivists using cyber techniques for political or social causes, aimed at disrupting opponents or spreading messages. Ukraine accounts for 16.9% of attacks, with government and military entities facing heightened levels of cyberattacks.

Globally, fraudulent schemes increased by 22% year-over-year. Europe's financial services industry is particularly affected, accounting for 34% of all scams. The most prevalent scams include investment fraud, romance, and tech support fraud. Phishing incidents are also on the rise, with over 80,000 phishing websites detected in 2024, marking a 22% increase from the previous year. In Europe, the travel industry has been significantly impacted, particularly during peak travel seasons, with phishing websites targeting this sector.

Cybercriminals are increasingly turning to advanced methods, utilising AI-generated deepfake technology to create realistic impersonations and bypass security measures. The Ransomware-as-a-Service (RaaS) market is expanding, with job postings for RaaS partnerships rising by 44%. Extortion tactics have become more prevalent, with a 10% increase in attacks published on Data Leak Sites (DLSs). Manufacturing remains the most targeted industry by ransomware groups such as LockBit and RansomHub. Meanwhile, the dark web continues to thrive as a marketplace for cybercriminals, with a 15% rise in Initial Access Brokers (IAB) operations. Europe experienced a 32% surge in such activities, with the UK being the top target, highlighting its vulnerability.

"Our report exposes the relentless expansion of the dark web economy, fuelled by increasingly sophisticated cybercrime tactics," said Dmitry Volkov, CEO at Group-IB. "Cybercriminals are not just exploiting vulnerabilities – they are weaponising geopolitical instability to cripple critical industries worldwide. APTs, data breaches, phishing, and ransomware do not occur in isolation, they feed off each other, forming a vast, interconnected threat network. The need to build resilient cybersecurity communities and adopt advanced security strategies has never been more critical to fight these threats before they evolve further. There is no time to waste – organisations must take proactive steps now to stay ahead of malicious actors."