(CNN) — Serious cyberattacks against critical targets in Europe doubled in the past year, according to new figures from the European Union, obtained by CNN, as the pandemic pushed life indoors and online.
The European Union Cybersecurity Agency (ENISA) told CNN that there were 304 significant and malicious attacks against “critical sectors” in 2020, more than double the 146 recorded the previous year.
The agency also reported a 47% increase in attacks on hospitals and health networks in the same period, as criminal networks tried to take advantage of the most vital services of the pandemic.
The figures show the growing global impact of cyberattacks, often in the form of ransomware, a type of attack that recently wreaked havoc in the United States when the Darkside group turned its attention to the Colonial Pipeline network, causing queues at gas stations for fear of shortages.
The impact of the pandemic
The pandemic led to “many services being delivered online and that happened in a bit of a rush, so security was left as an idea for later,” said Apostolos Malatras, ENISA’s Knowledge and Information team leader. At the same time, people stayed home and had time to explore vulnerabilities in critical infrastructure and systems, he added.
Surveys of companies by the British security company Sophos also found that the average cost caused by a ransomware attack has doubled so far this year. The survey estimated the cost for 2020 at $761,106, but this year that number has skyrocketed to $1.85 million. This includes insurance, business loss, cleanup, and any cyber-blackmail payments.
Rising costs reflect the greater complexity of some attacks, said John Shier, Sophos Senior Security Advisor, adding that while the number of attacks has decreased, their sophistication has increased.
“They seem to be trying to be more intentional,” Shier said. “So they are entering companies, understanding exactly which company they have violated and trying to penetrate as completely as possible, so that they can then extract as much money as possible.”
Both Shier and Malatras pointed to the recent “triple extortion” threat, in which ransomware attackers freeze data on a target’s systems using encryption, and extract it so that they can threaten to publish it online. They said the attackers then move into a third phase, using that data to attack the target’s systems and blackmail their customers or contacts.
“If you are a customer of this company whose data has been stolen, they will threaten to release your information or they will also call other companies that are their partners,” Shier said. He added that the highest ransom payment he had ever heard of was $50 million.
Another threat is “fileless attacks”, in which the ransomware is not contained in a file, which is normally accessed by human error, such as clicking a suspicious link or opening an attachment. Fileless attacks seep into a computer’s operating system and often live in its RAM, making it more difficult for antivirus software to locate them.
The US Department of Justice announced last week its plans to coordinate its efforts against ransomware with the same protocols it uses for terrorism, and the Biden Administration is considering offensive action against major ransomware groups and cybercriminals.
Tracking criminal transactions
The approach would be in line with that taken by other allies, including the UK, which – in November – publicly acknowledged the existence of a National Cyber Force (NCF) to deal with the world’s main online threats. A spokesman for GCHQ, the British information security and signals intelligence organization, told CNN: “Last year we unveiled the NCF, a partnership between GCHQ and the Ministry of Defense, with the mission of disrupting the adversaries […] using cyber operations to disrupt the activities of hostile states, terrorists and criminal networks that threaten UK security.”
Although law enforcement and security experts say the best policy is not to pay ransoms, as ransoms encourage criminals, there is some hope for companies that pay.
Improved technology allows some security companies to track cryptocurrency, typically bitcoin, as criminals move it through different accounts and cryptocurrencies.
This week, FBI investigators were able to recover some of the money paid to the ransomware group Darkside for releasing the hacked Colonial Pipeline data, following an attack that caused a major disruption to fuel supplies in the United States.
Cybersecurity firm Elliptic, which assists the FBI in these types of traces, said the short time Darkside had the money meant it was unable to properly launder the funds, so the route was easy to uncover.
The cryptocurrency route
“Right now, criminals want to charge in euros or whatever to profit from their criminal activity,” said Tom Robinson, Elliptic’s chief scientist. This means that the cryptocurrency is usually sent to a financial exchange in the real world, to be converted into real money, he said.
“If the exchange is regulated, you have to identify your customers and report any suspicious activity,” Robinson said.
The tricks used to conceal the route of criminal groups’ “dirty” cryptocurrency are becoming increasingly complex, he said. Some use “mixed wallets”, which allow users’ cryptocurrencies to be mixed – as if they were used banknotes – making it difficult to track ownership. Robinson said that regulating these wallets and all exchanges would help curb criminal incentives to use cyber blackmail.
“It’s about identifying the perpetrators, but also about ensuring that these criminals find it very difficult to collect,” Robinson said. “It means there is less incentive to commit these types of crimes in the first place.”