This is the moment cybersecurity is facing like never before. Ransomware actors, phishing attacks, and other fraudulent schemes have increased during the war in Europe and Asia. In the first half of 2024, a few groups reigned supreme on their ability to carry out effective and damaging ransomware attacks. Among them were Akira, LockBit, RansomHub, INC, Lynx and Sinobi. Together, these groups have victimized thousands of individuals and organizations, employing advanced techniques to encrypt files and exfiltrate sensitive data.
Just from the beginning of January 2024, more than 2,100 victims across Europe have appeared on extortion leak sites. Alarmingly, in 92% of these cases attackers encrypt files and steal data. The annual victim toll across Europe has dramatically soared, surging from 1,380 in September 2023-August 2024. This significant trend underscores the need for much-advanced cybersecurity practices to defend an increasingly toxic threat environment.
Malware has been increasingly cited as an attack vector. What we’re noticing, too, is a troubling rise in phishing campaigns across East and Southeast Asia. These campaigns have used multilingual lures to successfully attack governmental and financial institutions, demonstrating an evolution in more sophisticated tactics.
Ransomware Groups Dominate the Scene
The escalating scale and sophistication of ransomware groups’ recent operations are confirmation of an increasingly dangerous trajectory for cybercrime. Akira, LockBit, RansomHub, INC, Lynx, and Sinobi have been extremely effective at carrying out targeted attacks. Their tactics usually include encrypting victims’ files and requesting a ransom to decrypt them, a method that has been very profitable.
As of Winter 2024, these warlords’ groups have defended or committed hundreds of thousands of victims. The statistics reveal that over 2,100 individuals or organizations have been named on extortion leak sites since the beginning of the year. And 92 percent of these incidents include both file encryption and data exfiltration. This statistic really drives home the harsh consequences this swift liquidation has for the nonprofits involved.
Recently, anti-trafficking experts reported that this trend has increased the number of victims coming from Europe. From September 2024 to August 2025, the numbers skyrocketed up to 1,380. This unprecedented jump underscores the immediate importance of organizations to bolster their protections against these vile hackers.
“Security vulnerabilities can persist undetected for years, often resurfacing due to incomplete fixes.” – Check Point
The current state Reality is that the landscape changes quickly as these organizations hone and perfect their tactics. Organizations have to be cognizant and proactive about these trends if they are to safeguard their data and assets.
Phishing Campaigns Targeting Asia
Adding to the ransomware crisis, phishing campaigns have doubled across Asia. Recent reports indicated a staggering increase in such attacks leveraging multilingual ZIP file lures. What’s new right now, attackers are using common web templates to fool their victims.
These credential harvesting campaigns primarily target government and financial institutions in an effort to gain access to sensitive information. As Cisco Talos notes, “The follow-on phishing campaigns were primarily oriented towards credential harvesting.” This chilling incident is a clear reminder of how cybercriminals are always looking to pivot their attack vectors to prey on vulnerabilities best.
“Hunt.io elaborated on the sophistication of these phishing operations: “These operations are characterized by multilingual web templates, region-specific incentives, and adaptive payload delivery mechanisms.” Aside from the fact that cloned applications are being used, the case speaks to a more troubling trend about brand trust getting hijacked by bad actors.
“From China and Taiwan to Japan and Southeast Asia, the adversaries have continuously repurposed templates, filenames, and hosting patterns to sustain their operations while evading conventional detection.” – Hunt.io
Just like any battle, phishing actors will continue to find ways to circumvent existing technology, as soon as defenders strengthen their response defense against phishing attacks. This perpetual game of one-upmanship between cybercriminals and cybersecurity experts requires a constant state of alertness and adjustment.
Global Fraud Schemes Uncovered
In other news, Europol recently declared victory in one of the largest credit card fraud schemes ever busted–codename Chargeback. This shady enterprise swindled more than 4.3 million credit card customers around the globe. From 2016 to 2021, it defrauded an average of €300 million. To hide their operations, the syndicate used hundreds of shell companies — most were incorporated in the U.K. and Cyprus — to obscure their identity.
The massive joint law enforcement effort led to the seizure and arrest of 18 suspects. These people came from a broad range of nationalities, such as German, Lithuanian, Dutch, Austrian, Danish, American and Canadian. Included in those seized were actually five senior payment execs from four other German PSPs.
Europol’s findings revealed that 21 members and associates of the syndicate were convicted of various crimes, including fraud, homicide, and injury. This in-depth look at the investigation illustrates the worldwide nature of cybercrime and the cooperative work necessary to get these criminals convicted.
“National and local authorities have been informed and must assist with additional measures at a national level.” – Bernt Reitan Jenssen, chief executive of the Norwegian public transport authority Ruter
China has further sharpened its stance on cross-border scams by passing stringent rulings on recent trials. Most importantly, the Chinese government has sentenced five members of a Myanmar crime syndicate to death. This enforcement action is one of the latest shots fired in their unceasing battle against organized crime.
The Role of Technology in Cybersecurity
We know cyber threats are always changing. In reaction, cybercriminals have stepped up, and similarly, many organizations are using new technology—especially artificial intelligence (AI)—to fortify their cybersecurity infrastructure. Cyber professionals remind us that AI cannot replace human knowledge, which is still crucial to security efforts—even AI-driven ones.
Alexey Bukhteyev, a security researcher, remarked that “the use of AI doesn’t eliminate the need for human expertise.” This mood is palpable in cyber right now, where cyber professionals diligently work to introduce new technology while balancing the need for human control that’s essential for cyber’s success.
The testing of systems like XLoader had exposed these aforementioned risks requiring disclaimers to be written through manual review and made directed amendments. As Bernt Reitan Jenssen noted, “The testing revealed risks that we are now taking measures against.”
At the same time, Check Point has all too often seen the impact of security vulnerabilities that go undiscovered for months. One information disclosure vulnerability lived on for years even after receiving a partial fix. This highlights the need for testing as well as whitelisting and blacklisting for more robust cybersecurity practices.
“These operations demonstrate a clear shift toward scalable and automation-driven infrastructure.” – Hunt.io