JBS USA paid US $ 11 million after cyberattack 0:55
(CNN) -
Serious cyberattacks against critical targets in Europe doubled in the past year, according to new figures from the European Union, obtained by CNN, as the pandemic pushed life indoors and on the Internet.
The European Union Cybersecurity Agency (ENISA) told CNN that there were 304 significant and malicious attacks against "critical sectors" in 2020, more than double the 146 recorded the previous year.
The agency also reported a 47% increase in attacks on hospitals and health networks in the same period, as criminal networks tried to take advantage of the most vital services of the pandemic.
JBS Says It Paid US $ 11 Million Ransom After Cyberattack
The figures show the growing global impact of cyberattacks, often in the form of
ransomware
, a type of attack that recently wreaked havoc in the United States when the Darkside group turned its attention to the Colonial Pipeline network by causing queues at gas stations out of fear of shortage.
The impact of the pandemic
The pandemic led to “many services being delivered online and that happened in a bit of a rush, so security was left as an idea for later,” said Apostolos Malatras, ENISA's Knowledge and Information team leader.
At the same time, people stayed home and had time to explore vulnerabilities in critical infrastructure and systems, he added.
advertising
The Darkside group's attack on the Colonial Pipeline network caused queues at gas stations in the US for fear of shortages.
Surveys of companies by British security company Sophos also found that the average cost of a
ransomware
attack
has doubled so far this year.
The survey estimated the cost for 2020 at $ 761,106, but this year that number has skyrocketed to $ 1.85 million.
This includes insurance, business loss, cleaning, and any cyber-blackmail payments.
Rising costs reflect the greater complexity of some attacks, said John Shier, Sophos Senior Security Advisor, adding that while the number of attacks has decreased, their sophistication has increased.
"They seem to be trying to be more intentional," Shier said.
"So they are entering companies, understanding exactly which company they have violated and trying to penetrate as completely as possible, so that they can then extract as much money as possible."
New threats
Both Shier and Malatras pointed to the recent "triple extortion" threat, in which
ransomware
attackers
freeze data on a target's systems using encryption, and extract it so they can threaten to post it online.
They said the attackers then move into a third phase, using that data to attack the target's systems and blackmail their customers or contacts.
"If you are a customer of this company whose data has been stolen, they will threaten to release your information or they will also call other companies that are their partners," Shier said.
He added that the highest ransom payment he had ever heard of was $ 50 million.
This is how Colonial Pipeline was hacked 2:51
Another threat is "fileless attacks", in which the
ransomware
is not contained in a file, which is usually accessed by human error, such as clicking a suspicious link or opening an attachment.
Fileless attacks seep into a computer's operating system and often live in its RAM memory, making it more difficult for
antivirus
software to
locate them.
The US Department of Justice announced last week its plans to coordinate its anti-
ransomware
efforts
with the same protocols it uses for terrorism, and the Biden Administration is considering offensive action against major players.
ransomware
groups
and cybercriminals.
Tracking criminal transactions
The approach would be in line with that taken by other allies, including the UK, which - in November - publicly acknowledged the existence of a National Cyber Force (NCF) to deal with the world's main online threats. UK. A spokesman for GCHQ, the British information security and signals intelligence organization, told CNN: “Last year we unveiled the NCF, a partnership between GCHQ and the Ministry of Defense, with the mission of disrupting the adversaries […] using cyber operations to disrupt the activities of hostile states, terrorists and criminal networks that threaten UK security. '
Although law enforcement and security experts say the best policy is not to pay ransoms, as ransoms encourage criminals, there is some hope for companies that pay.
Improved technology allows some security companies to track cryptocurrency, typically bitcoin, as criminals move it through different accounts and cryptocurrencies.
This week, FBI investigators were able to recover part of the money paid to the
Darkside
ransomware
group
for the release of the hacked Colonial Pipeline data, following an attack that caused a major disruption to fuel supplies in the United States.
In 2020, there were 304 significant and malicious attacks against "critical sectors" in Europe, more than double the 146 registered the previous year, according to EU figures.
Cybersecurity firm Elliptic, which assists the FBI in these types of traces, said the short time Darkside had the money meant it was unable to properly launder the funds, so the route was easy to uncover.
The cryptocurrency route
"Right now, criminals want to charge in euros or whatever to profit from their criminal activity," said Tom Robinson, Elliptic's chief scientist.
This means that the cryptocurrency is usually sent to a financial exchange in the real world, to be converted into real money, he said.
"If the exchange is regulated, you have to identify your customers and report any suspicious activity," Robinson said.
The tricks used to conceal the "dirty" cryptocurrency route from criminal groups are becoming increasingly complex, he said.
Some use 'mixed wallets', which allow users' cryptocurrencies to be mixed - as if they were used banknotes - making it difficult to track ownership.
Robinson said that regulating these wallets and all exchanges would help curb criminal incentives to use cyber blackmail.
"It's about identifying the perpetrators, but also about ensuring that these criminals find it very difficult to collect," Robinson said.
"It means there is less incentive to commit these types of crimes in the first place."
cyber attack pandemic
