Cyberattacks on critical targets in Europe doubled in 2020
New EU figures reveal that the number of cybercrimes targeting crucial institutions and organizations doubled over the course of last year, as the COVID-19 pandemic forced people to stay indoors and online more than in any previous period. The pandemic left everyone more vulnerable to cyberattacks.
ENISA (the European Union Agency for Cybersecurity) reported 304 cases of significant malicious attacks against crucial sectors in 2020, more than double the 146 cyberattacks recorded the previous year.
ENISA also reported a rise of 47% in the number of attacks on health care providers, such as hospitals and health care networks, during the same year, indicating that cybercriminals sought to exploit vulnerabilities in the pandemic’s most important services for financial gain.
During the pandemic, “a lot of services were provided online and that happened in a kind of rush, so security was as an afterthought,” said the team leader for knowledge and information at ENISA, Apostolos Malatras.
British security firm Sophos conducted a survey of businesses, which concluded that the average financial harm caused by ransomware crime has also doubled in the year to date. The company estimated the damage for the previous year at $761,106, a figure that had leapt to $1.85 million by this year. This amount includes business loss, recovery and cleanup, and illicit payments solicited by hackers.
Senior security adviser at Sophos, John Shier, said the rising damages indicate the increasing complexity of some cyberattacks. “It looks like they are trying to be more purposeful,” he added. “So they’re breaching companies, understanding exactly what company they breached and trying to penetrate as fully as possible, so that they can then extract as much money as possible.”
Both Malatras and Shier mentioned that the newest threat in the field of cyberattacks is “triple extortion.” First, ransomware attackers encrypt data on the targeted system and threaten to publish it unless a significant payment is made. Then, if the compromised company refuses to pay, a third phase comes into action – criminals threaten to use the stolen data to blackmail its clients and contracts.
Shier said the highest ransom payment he had heard of was $50 million. “If you are a customer of this company whose data has been stolen, they’ll threaten to release your information or they’ll also call other companies that are your partners,” he added.
Another threat that has gained popularity is the fileless cyberattack. The ransomware is not contained in a file and doesn’t need human interaction to seep into the operating system; it hides in RAM. This type of malware is significantly more difficult for antivirus software to detect and remove.
Detecting ransomware transactions
Law enforcement and cybersecurity experts say that the best approach for targeted companies and institutions is to refuse to pay ransoms, so as not to encourage attackers. But there is hope for the companies that agree to make the payment.
The technology used by security firms has developed to the point where it can trace crypto-currencies such as bitcoin, detecting illegal payments to criminals’ accounts. This was the case with the money paid to the Darkside group by Colonial Pipeline, which was partially recovered by FBI investigators.
The complexity of the ways criminals hide the route of illegal payments is growing, said Tom Robinson, chief scientist at the Elliptic security firm. For example, some cyberattacks use “mixer wallets,” which mix users’ crypto-currencies and make it hard to trace ownership.
“It’s about identifying who the perpetrators are, but also ensuring that it’s very difficult for these criminals to cash out,” said Robinson. “It means there’s less of an incentive to commit this kind of crime in the first place.”
Providing cybersecurity awareness training for your employees and associates will spare you the significant financial cost of recovering from a cyberattack. Always consider human error the most common weak spot that hackers exploit to launch cyberattacks successfully.