COVID-19 pandemic creates opportunities for cybercriminals


    - by David Goldstein -

    Cyber threats to businesses online and internet users are on the rise, the ENISA Threat Landscape 2021 report finds, with the largest threats being ransomware, followed by malware. And throughout 2020 and 2021 as people regularly worked from home throughout the COVID pandemic, spurred by an ever-growing online presence, the types of cyberattacks changed.
    As the ENISA Threat Landscape (ETL) 2021 report says, “cybersecurity threats are on the rise. Spurred by an ever-growing online presence, the transitioning of traditional infrastructures to online and cloud-based solutions, advanced interconnectivity and the exploitation of new features of emerging technologies such as Artificial Intelligence (AI), the cybersecurity landscape has grown in terms of sophistication of attacks, their complexity and their impact. Notably, the threat to supply chains and their significance due to their potentially catastrophic cascading effects has reached the highest position among major threats, so much so that ENISA produced a dedicated threat landscape for this category of threat.”

    “Cybersecurity must be seen as a strategic business issue that impacts decision-making”

    For businesses, cybersecurity is paramount. “Cybersecurity must be seen as a strategic business issue that impacts decision-making”, said Nancy Luquette, EVP, Chief Risk and Compliance Officer at S&P Global in another report, the World Economic Forum’s Global Cybersecurity Outlook 2022 Insight Report. “To mitigate risks like ransomware and social engineering, organisations must ask not simply how they are protected, but how well – with an eye to strength, sophistication and efficacy.”

    ENISA identified 8 Prime Threat Groups

    In their report, ENISA identified the following 8 prime threat groups that businesses need to be aware of:

    Ransomware: a type of malicious attack where attackers encrypt an organisation’s data and demand payment to restore access. It has been the prime threat during the reporting period.
    Malware: software or firmware intended to perform unauthorised processes that will have an adverse impact on the confidentiality, integrity, or availability of a system. Malware’s threat has consistently ranked high for many years, albeit at a decreasing rate during the ETL 2021 reporting period. The use of new attach techniques and some major wins for the law enforcement community have impacted the operations of relevant threat actors.
    Cryptojacking: Cryptojacking or hidden cryptomining is a type of cybercrime where a criminal secretly uses a victim’s computing power to generate cryptocurrency. With the proliferation of cryptocurrencies and their ever-increasing uptake by the wider public, an increase in corresponding cybersecurity incidents has been observed.
    Email related threats: Email-related attacks are a bundle of threats that exploit weaknesses in the human psyche and in everyday habits, rather than technical vulnerabilities. Interestingly and despite many awareness and education campaigns against these types of attacks, the threat persists to a notable degree. In particular, the compromise of business emails and advanced sophisticated techniques in extracting monetary gains are on the rise.
    Threats against data: encompassing data breaches/leaks, they are the release of sensitive, confidential or protected data to an untrusted environment. Data breaches can occur as a result of a cyber-attack, an insider job, unintentional loss or exposure of data. The threat continues to be high, since access to data is a prime target for attackers for numerous reasons such as extortion, ransom, defamation, misinformation.
    Threats against availability and integrity: Availability and integrity are the target of a plethora of threats and attacks, among which the families of Denial of Service (DoS) and Web Attacks stand out. Strictly related to web-based attacks, DDoS is one of the most critical threats to IT systems, targeting their availability by exhausting resources, causing decreases in performance, loss of data, and service outages. The treat is consistently ranked high in the ENISA threat landscape, both because of its manifestation in actual incidents and its potential for high impact.
    Disinformation – misinformation: Disinformation and misinformation campaigns are on the rise, spurred by the increased use of social media platforms and online media, as well as a result of the increase of people’s online presence due to the COVID-19 pandemic. Disinformation and misinformation campaigns are frequently used in hybrid attacks to reduce the overall perception of trust, a major proponent of cybersecurity.
    Non-malicious threats: These are threats commonly considered as voluntary and malicious activities brought by adversaries that have some incentives to attack a specific target, including threats where malicious intent is not apparent. These are mostly based on human errors and system misconfigurations, but they can also refer to physical disasters that target IT infrastructures.

    Cyber Threat Trends were also determined for 2021

    The ETL 2021 report also summarises the main trends observed in the cyber threat landscape during the reporting period. These are:

    • Highly sophisticated and impactful supply chain compromises proliferated, as highlighted by the dedicated ENISA Threat Landscape on Supply Chain. Managed service providers are high-value targets for cybercriminals.
    • COVID-19 drove cyber espionage tasking and created opportunities for cybercriminals.
    • Governmental organisations have stepped up their game at both national and international level.
    • Cybercriminals are increasingly motivated by monetisation of their activities such as ransomware, with record-high demands and likely record-high pay-outs.
    • Cybercrime attacks increasingly target and impact critical infrastructure.
    • Compromise through phishing e-mails, and brute-forcing on Remote Desktop Services (RDP) remain the two most common ransomware infection vectors.
    • The focus on Ransomware as a Service (RaaS) type business models has increased over 2021.
    • The occurrence of triple extortion ransomware schemes increased strongly over the course of 2021.
    • The malware decline that was observed in 2020 continues during 2021. In 2021, we saw an increase in threat actors resorting to relatively new or uncommon programming languages to port their code.
    • Malware targeting container environments have become much more prevalent, with novel evolutions like file-less malware being executed from memory.
    • Malware developers keep finding ways to make reverse engineering and dynamic analysis harder.
    • The volume of cryptojacking infections attained a record high in the first quarter of 2021, compared to the last few years. The financial gain associated with cryptojacking incentivised the threat actors to carry out these attacks.
    • The volume of Crypto mining in 2021 and cryptojacking activities are at a record high.
    • We can see that a shift from browser to file-based cryptojacking is taking place.
    • COVID-19 is still the dominant lure in campaigns for e-mail attacks.
    • Business E-mail Compromise (BEC) has increased, has grown in sophistication and become more targeted.
    • Phishing-as-a-Service (PhaaS) business model is gaining prevalence.
    • Threat actors shifted their attention towards vaccine information in the context of threats to data and information.
    • There was a surge in healthcare sector related data breaches.
    • Traditional DDoS (Distributed Denial of Service) attacks are moving towards mobile networks and IoT (Internet of Things).
    • Ransom Denial of Service (RDoS) is the new frontier of denial of service attacks.
    • Sharing of resources in virtualised environments acts as an amplifier of DDoS attacks.
    • DDoS campaigns in 2021 have become more targeted and much more persistent and increasingly multivector.
    • Artificial Intelligence (AI)-enabled disinformation supports attackers in carrying out their attacks.
    • Phishing is at the heart of disinformation attacks and strongly exploits people’s beliefs.
    • Misinformation and disinformation are at the core of cybercrime activities and is increasing at an unprecedented rate.
    • Disinformation-as-a-Service (DaaS) business model has grown significantly, spurred by the increasing impact of the COVID-19 pandemic and the need to have more information.
    • In 2020 and 2021, ENISA observed a spike in non-malicious incidents, as the COVID-19 pandemic became a multiplier for human errors and system misconfigurations, up to the point that most of the breaches in 2020 were caused by errors.
    • There has been a spike in cloud security non-malicious incidents.

    Ransomware is the current prime threat

    The current prime threat identified in the ETL 2021 report is ransomware. It causes business a lot of problems and costs including “the amount of ransom, downtime, and the cost of people and actual operational and technical remediation.” ENISA notes a survey across 30 countries found the overall cost of remediating a ransomware attack has vastly increased, from $761,106 in 2020 to $1.85 million in 2021.

    Another report from the World Economic Forum found ransomware attacks rose 151% in 2021 with an average of 270 cyberattacks per organisation during 2021, this a 31% increase on 2020. According to the WEF’s report, each successful cyber breach costing a company $3.6m. After a breach becomes public, the average share price of the hacked company underperforms the NASDAQ by -3 percent even six months after the event.

    “During a ransomware attack, key infrastructure is often targeted to paralyse the organisation, causing the inability to provide proper service and run internal operations. The average downtime of organisations has increased over the last year” increasing from 15 days in Q1 2020 to 23 days in Q2 2021.

    Aside from the incident costs, repercussions on business opportunities and revenues have also been observed. “A survey of 1,263 respondents reported that 66% of their organisations suffered significant revenue losses due to ransomware attacks, where company size appears to have minimal impact on revenue loss. The results underline the fact that every industry vertical is vulnerable to a statistically significant chance of revenue loss following successful ransomware.”

    Threat actors will likely target important geopolitical issues

    Looking forward, ENISA believes “threat actors will very likely continue pursuing their strategic objectives by conducting cyber-enabled information operations for the next decade focusing on important geopolitical issues like elections, public health, humanitarian crises, human rights, and security.” They further believe “threat actors will very likely continue leveraging the latest technology (e.g. Artificial Intelligence, deep fakes, voice biometrics) to impersonate individuals as part of their information operations.” And finally, that “it is possible that there will be increased leveraging of Information-Operations-as-a-Service together with increased competition of these disinformation networks.”

    It’s a view echoed by the World Economic Forum. As technologies evolve and new ones are developed, new threats emerge. “Frontier technologies like AI, robotics, quantum computing, the ever-evolving adoption of the internet of things (IoTs), cloud computing, blockchain and remote working/distance learning models represent the future of our digital world.”

    “The potential cyber risks and vulnerabilities of these new technologies should be on minds of every leader when considering technology adoption and implementation. Nearly half (48%) of the World Economic Forum’s Cyber Outlook survey respondents say that automation and machine learning will introduce the biggest transformation in cybersecurity in the short term future.”

    Please feel free to contact the Brandshelter team to learn how you can protect your business from cyberattacks.