Hackers-for-hire who offer their services to other criminals have emerged as the biggest threat to online security in the last 18 months, as the Covid-19 pandemic and home working create new opportunities for cybercriminals, the European Union Agency for Cybersecurity (ENISA) states in its ninth “threat landscape” report.
“The Covid-19 crisis has created possibilities for adversaries who used the pandemic as a dominant lure in campaigns for email attacks for instance. Monetisation appears to be the main driver of such activities,” it notes.
The study covers the period April 2020, when the first wave of the pandemic was underway through to July 2021 and aims to help governments and companies understand cybersecurity threats and develop
techniques to improve their resilience.
The health sector was a prime target over the period, particularly in the three months May to July this year as hackers searched for vaccine information, the study said. Public administration and government and
digital service providers also reported a high number of incidents.
Successful ransomware attacks
Recent high profile ransomware attacks include that against Colonial Pipeline in May, a United States pipeline system for refined oil products where hackers used a compromised password to trigger fuel
disruptions in the eastern US. Colonial paid the hackers, who were an affiliate of a Russia-linked cybercrime group known as DarkSide, a US$4.4m ransom. The following month saw meatpacker group JBS pay a ransom equivalent of US$11m following a cyberattack that disrupted its North American and Australian operations.
Hackers typically demand that the ransom is paid in cryptocurrency. Other growing cyber threats cited in the report include cryptojacking which reached a record high in the first quarter of 2021 and where a
criminal uses a victim's computing power to generate cryptocurrency; misinformation and disinformation.
ENISA recently launched SecureSME Tool, which aims to help smaller businesses in becoming digitally secure. The agency said the tool provides cybersecurity recommendations, guidelines and tips in a simple and user-friendly manner. There are instructions on how to protect employees, enhance processes, strengthen technical measures and overcome issues related to the pandemic. The tool also includes videos and information about related projects.
Like this item? Get our Weekly Update newsletter. Subscribe today