Reading:
Spain Threat Landscape Report: E-Commerce & Finance Industries Under Attack

Spain Threat Landscape Report: E-Commerce & Finance Industries Under Attack

August 22, 2022

SOCRadar’s Threat Landscape Report this month aims to provide organizations located in Spain with a region-based understanding of evolving and emerging cyber threats. We hope our intelligence will help companies and nonprofits in their future projections and identify their cybersecurity needs.

SOCRadar’s analysis of the threat landscape covers the activity of threat actors, malware, and critical vulnerabilities in or targeting Spain. Download the full report to access all the insights featured in this report, which covers cyber incidents over the past 12 months.


90% of Spanish Organizations Cyber Attacked

The most striking of the SOCRadar analysts’ findings is that nearly 90% of organizations in Spain have suffered a successful cyberattack in the past year. Most of these attacks targeted the e-commerce and financial industries.

Most targeted industries in Spain (Source: SOCRadar)
Most targeted industries in Spain (Source: SOCRadar)

Threat actors are primarily interested in e-commerce and banking industries in Spain, according to data SOCRadar DarkMirror detected in underground forums and Telegram channels. These are followed by the telecommunications, energy, media, and entertainment industries.

Ransomware Targets Manufacturing in Spain

Over the past year, ransomware attacks have become a nightmare for organizations in Spain. The use of the double extortion technique by many ransomware groups has increased the financial damage and dealt a heavy blow to the products and services of the victims.

A quick look at the ransomware attacks in Spain also revealed that threat actors do not hesitate to target critical infrastructure. For example, LockBit 2.0 announced that it targeted Hospital San Jose in the Canary Islands on May 25, 2022.

Distribution of ransomware gang activities targeting Spain (Source: SOCRadar)
Distribution of ransomware gang activities targeting Spain (Source: SOCRadar)

SOCRadar analysts have detected 150 ransomware attacks in Spain in the past 12 months. The average ransom was €19,400, with 64% of targeted organizations agreeing to pay the ransom.

According to the intelligence we got from SOCRadar DarkMirror, ransomware gangs mostly targeted the manufacturing industry in Spain, followed by the IT, shipping & logistics, and chemical & pharmaceutical industries.

Over 1 Billion Exposed Credentials

Stealing credentials is the technique most commonly used by threat actors to gain initial access to victim systems. They cause significant damage to organizations, especially with BEC attacks against employees at the executive level. The breach datasets and dark web forum posts analyzed in detail by SOCRadar showed that over 1 billion users’ credentials were exposed in Spain.

IBM’s Cost of a Data Breach report released earlier this month revealed that the primary attack vector for data breaches is stolen credentials. These breaches, which are the most costly, are also used as leverage by ransomware and APT groups.

SOCRadar’s Other Key Findings

Top 5 malware:

  • Trojan-Ransom.Win32.GenericCryptor.pref
  • Trojan-Ransom.JS.Alien.gen
  • Trojan-Ransom.Win32.Crypren.gen
  • Trojan-Ransom.Win32.Crymodng.gen
  • Trojan-Ransom.Win32.Gen.gen

Top 5 exploits:

  • Exploit.MSOffice.CVE-2018-0802.gen
  • Exploit.Win32.CVE-2010-2862.a
  • Exploit.MSOffice.CVE-2017-11882.gen
  • Exploit.HTTP.CVE-2017-5638.gen
  • Exploit.OLE2.Wahel.a

Download the full report to access more insights about the phishing landscape, DDoS attacks, state-sponsored APT activities, and more in Spain.