The European Union’s Cybersecurity Agency, ENISA, told CNN there were 304 significant malicious attacks against “critical areas” in 2020, more than double the 146 recorded the year before.
The agency also reported a 47% increase in attacks on hospitals and healthcare networks over the same period, as the same criminal networks sought to take advantage of the pandemic’s most vital services.
The figures show the growing global impact of cyber attacks, often in the form of ransomware, which recently wreaked havoc in the United States when the Darkside Group targeted the Colonial Pipeline network causing queues at gas stations by fear of shortage.
The pandemic meant that “a lot of services were being delivered online and it happened in a sort of rush, so security was just an afterthought,” said Apostolos Malatras, team leader for knowledge. and information to ENISA. At the same time, people stayed inside and had time to explore vulnerabilities in critical systems and infrastructure, he added.
Business surveys by UK security firm Sophos have also concluded that the average cost of a ransomware attack has doubled since the start of the year. The survey put the cost for 2020 at $ 761,106, but that year that figure had jumped to $ 1.85 million. The cost includes insurance, business losses, cleaning, and any ransomware payments.
The increase in costs reflects the greater complexity of some attacks, said John Shier, senior security advisor at Sophos, who added that while the number of attacks has decreased, their sophistication has increased.
“Looks like they’re trying to be more determined,” Shier said. “So they rape businesses, understand exactly which business they’ve violated, and try to break in as completely as possible, so that they can then extract as much money as possible.”
Both Shier and Malatras have pointed to the latest threat of a “triple extortion”, in which ransomware attackers freeze data on a target’s systems via encryption and extract it so that they can threaten to release it to the Internet. line. They said the attackers then adopted a third phase, using that data to attack the target’s systems and blackmail their customers or contacts.
“If you are a customer of this company whose data has been stolen, they will threaten to release your information or they will also call other companies that are your partners,” Shier said. He added that the highest ransom payment he had heard of was $ 50 million.
Another threat involves “fileless attacks” in which the ransomware is not contained in a file, normally accessible by human error, such as clicking on a suspicious link or opening an attachment. Fileless attacks infiltrate a computer’s operating system and often live in its RAM memory, making it more difficult for antivirus software to locate them.
The US Department of Justice last week announced plans to coordinate its anti-ransomware efforts with the same protocols as for terrorism, and the Biden administration is considering offensive action against major ransomware groups and cybercriminals.
The approach would be in line with that taken by other allies, including the UK, which publicly acknowledged in November the existence of a National Cyber Force (NCF) to target key threats against the UK online. A spokesperson for GCHQ, the UK’s signals intelligence and information security organization, told CNN: “Last year we admitted that the NCF, a partnership between GCHQ and the Department of Defense, was tasked with disrupting adversaries … state activities, terrorists and criminal networks threatening the security of the UK. “
Tracing criminal transactions
While law enforcement and security experts say the best policy is not to pay ransoms as they encourage criminals, there is some hope for companies paying.
Better technology allows some security companies to trace cryptocurrency, typically bitcoin, as criminals move it around different accounts and cryptocurrencies.
Cybersecurity firm Elliptic, which aided the FBI in this research, said the short time Darkside had the money meant he was unable to properly cyber-launder the funds, so that the road was easy to discover.
“Right now, criminals want to cash in euros or whatever in order to profit from their criminal activity,” said Tom Robinson, chief scientist at Elliptic. This meant that the cryptocurrency was typically sent to a financial exchange in the real world, to be turned into real money, he said.
“If the exchange is regulated, you need to identify their customers and report any suspicious activity,” Robinson said.
The tricks used to hide the route of illicit cryptocurrency by criminal groups are becoming increasingly complex, he said. Some use “shuffle wallets,” which allow users’ cryptocurrencies to be shuffled – like shuffling used banknotes – making ownership difficult to trace. Robinson said regulating these wallets and all exchanges will help slow criminal incentives to use ransomware.
“It’s about identifying who the perpetrators are, but also about making sure it’s very difficult for these criminals to cash in,” Robinson said. “It means there is less incentive to commit this kind of crime in the first place.”