Welcome to The Phish Bowl, a cybersecurity podcast hosted by seasoned cyber threat intelligence analysts Mike Kosak and myself, Stephanie Schneider. We decode the latest global risks and digital defense strategies. Each month, we dive deep into emerging cyber threats, advanced persistent actors, and the evolving tactics shaping the security landscape. Whether you’re a CISO, security researcher, IT professional, or policy leader, this podcast delivers actionable intelligence and thought leadership to help you anticipate and defend against tomorrow’s cyber challenges.
In our November episode, we turn our focus to Europe’s threat landscape. For our special guest, we'll be speaking with Lauren Goldman, the Former Director of Analytic Integration at the Office of the Director of National Intelligence’s Cyber Threat Intelligence Integration Center about the impact to information sharing and critical infrastructure security as the US government draws down the Cybersecurity and Infrastructure Security Agency (CISA) and the potential implications if Cybersecurity Information Sharing Act of 2015 (CISA 2015) lapses.
We’re now firmly in the middle of the holiday season, between Thanksgiving and the end of the year, which is a busy time of year trying to wrap up pending work tasks by end of year while simultaneously crossing items off our gift lists. Mike and I really seem to be feeling it because we both had similar responses to the question, “What movie title we would give to our lives in this exact moment if they were movies?” Mike came up with “Fumbling Towards the Future,” while my response was “Speeding Towards the Edge.” “What edge?” Mike asked. Good question, Mike…perhaps the bleeding edge of enlightenment, or at the precipice of losing my sanity, whichever way you want to interpret that. Guess we’ve all got to hang on because it’s going to be a wild ride heading straight into the end of the year!
Europe cyber threat assessment: Which industries are on the most targeted list?
Ransomware and extortion pose some of the biggest threats to Europe and continue to impact the region in a major way.
Europe has become the second most targeted region for ransomware and extortion, and ransomware was identified as the most impactful threat in the EU by ENISA’s Threat Landscape Report 2025. The region accounts for approximately 22% of victims worldwide, with the UK, Germany, Italy, France and Spain being the most heavily targeted countries. This trend has continued as ransomware attacks reached record levels across the region in Q3 2025 and surged 25% on a global level in October.
Qilin was the most active ransomware group targeting the region from January 1 through October 31, followed by Akira and Safepay. High-value industries frequently under attack included Manufacturing, Legal & Professional Services, Construction & Engineering, Retail, and Technology. The increasing adoption of AI-enhanced phishing and social engineering, designed to facilitate ransomware deployment and other malicious activities, poses a significant and growing threat.
Which critical infrastructure and key resources are attackers targeting in the EU?
Critical infrastructure faces greater risk than other sectors because it is an attractive target for diverse threat groups and often suffers from weaker security standards due to limited funding and resources. Attacks on critical infrastructure that are paired with ransomware and supply chain compromise can be even more impactful.
Financially motivated groups realize this sector cannot afford to be down for long and so may be more willing to pay ransom or extortion demands to get back online quickly. For instance, the Collins Aeorspace attack the Everest ransomware gang claimed in September had significant impact, combining ransomware and supply chain attacks. This incident caused flight delays and cancellations across multiple airports including major hubs at Heathrow, Brussels, Berlin, and Dublin. Nation-states and hacktivists have also targeted European critical infrastructure for espionage and pre-positioning in the event of an active conflict and disruption, respectively.
Our special guest Lauren Goldman talked about how critical infrastructure is interconnected and essential to our collective security. When something in one critical sector goes down, it can have cascading effects in other areas.
Why is information sharing critical in cybersecurity?
Information sharing is critical for our collective defense. A rising tide lifts all ships. We are all safer when we can share information that can be used to protect ourselves by having a leg up on attackers.
Lauren discussed several recent changes around information sharing, both internal and external to the United States. When it comes to information sharing around critical infrastructure, Lauren explained there’s less government visibility into what’s happening because a lot of critical infrastructure is privately owned and operated by small businesses that are not necessarily resourced to protect against cyber threats. With the expiration of the Cybersecurity Information Sharing Act (CISA 2015) on September 30 and no clear path forward for its reauthorization, private industry may feel more apprehensive about sharing with government now that the previous legal systems that were in place to protect them are now gone.
A separate program, known as the State and Local Cybersecurity Grant Program (SLCGP), expired at the same time as CISA 2015. These are two distinct programs but are being managed and extended together since mid-November. SLCGP provides federal funding to state, local, tribal, and territorial governments to enhance their cybersecurity defenses.
The Cyberspace Solarium Commission (CSC) was another information sharing effort with a broad mandate to develop a national strategy to defend against cyber threats. It started as a United States bipartisan, congressionally mandated intergovernmental entity that ended as a government entity in December 2021 and transitioned its work into a non-profit called CSC 2.0. There was a realization that government agencies could help fill intelligence sharing gaps between the public and private sectors, sharing valuable, actionable information with private-sector individuals with government clearances.
When intelligence provided by these information sharing groups is taken away, that also diminishes resources and our collective resilience. If these programs were to end, this would negatively impact us all and prevent our ability to warn others of emerging and active threats.
Note: At the time of the podcast recording, CISA 2015 had expired. CISA 2015 was recently temporarily reauthorized in mid-November through January 30, 2026; however, the path for a more permanent reauthorization is currently unclear.
Underrated threats we shouldn’t ignore: hacktivism and DDoS
Lastly, we can’t discount simpler attacks from hacktivists and distributed denial-of-service (DDoS), especially when it comes to potential impact for small to midsize businesses (SMBs). These approaches are still very effective against organizations that may not have the same high-level protection in place of a financial institution, for instance. The assumption that just because you're a small organization means that you're not going to be on the radar of cybercriminal groups isn’t the case. Ransomware and other cybercriminal groups go after these smaller, lesser resourced organizations because they assume they’re easier targets.
As an example, the pro-Russian hacktivist group NoName057(16) has targeted different countries in Europe for their pro-Ukraine stance. The group is associated largely with DDoS attacks and has successfully taken down services of critical infrastructure services across Europe. Since November 2023, German authorities have recorded 14 waves of attacks affecting more than 250 entities. While most attacks have caused minimal disruption, the group’s decentralized model and use of botnets has been described as an escalating threat.
Listen to the full episode
Catch the full episode and additional resources for more cyber threat insights from the LastPass Threat Intelligence, Mitigations, and Escalations (TIME) Team.
- Listen to the full episode of The Phish Bowl wherever you get your podcasts:
- Subscribe for monthly threat intel deep dives.
- Access LastPass's Regional Report for detailed analysis of recent Europe trends and activity.
- Check out the LastPass Labs blog for more insights.
We’ll be back next month to talk about threat activity and trends in North America, along with a corresponding regional report!
