The number of cyber attacks on critical targets (KRITIS) in Europe doubled in 2020. Cyber attacks on critical infrastructures have become more frequent and significantly more expensive in the past year. Ransomware is used particularly often and the attacks increasingly take place in three stages.
As already reported at this point, cyber criminals have increasingly targeted companies with critical infrastructure in recent months. This is also proven by the latest figures from the European Union Agency for Cybersecurity (ENISA). According to the authority, there were 2020 noteworthy and malicious attacks against critical infrastructure organizations (KRITIS) in 304 - compared to 146 incidents in the previous year. The number of attacks on hospitals and other companies in the health sector has also increased by 47 percent. In most cases, ransomware was used, as was the case with Colonial Pipelines and JBS in the USA. ENISA also cites the pandemic and the associated restrictions as one of the reasons for this sharp increase. In particular, the rush with which many services were relocated to the digital world probably meant that security was initially of secondary importance.
Pandemic rush displaced security
A survey by the British security researchers at Sophos also showed that not only has the number of attacks on critical infrastructures increased, but also the costs per incident. While an average of US $ 2020 was generated in 761.106, it was already US $ 2021 million in the first few months of 1,85. However, those values already include the cost of insurance, lost profits, restoration, and the actual ransom.
Both ENISA and Sophos also point to a new scam by cybercriminals that is likely to pose even greater problems for many companies. After the number of two-stage attacks had only increased last year, in which hackers first download the data from their victims' systems before the actual ransomware strikes, a third stage is now increasingly being observed. They use the captured data of their victims to blackmail their business partners and customers and thus receive additional ransom money.
Fileless attacks are increasing
The number of so-called "fileless attacks" has also increased. These work without a file in which the ransomware is hidden and activated with one click. Rather, it is hidden in the computer's operating system, for example in the RAM memory, and does not appear on the hard drive at all. This means that fileless attacks remain under the radar of many security software and can do their work undisturbed.
All of these threats have brought the fight against cyber criminals more into focus politically. The US Department of Justice wants to fight ransomware with the same means that are used against terrorists. Great Britain has also set up a National Cyber Force to hunt down cyber criminals. In addition, the FBI, together with the security company Elliptic, found a way to track ransomware payments, which are normally made in Bitcoin, to the extortionists. This makes it difficult for criminals to “launder” the ransom money online and exchange it for real currencies - and this could significantly reduce the attractiveness of ransomware in the future.
About 8com The 8com Cyber Defense Center effectively protects the digital infrastructures of 8coms customers from cyber attacks. It includes security information and event management (SIEM), vulnerability management and professional penetration tests. It also offers the setup and integration of an Information Security Management System (ISMS) including certification according to current standards. Awareness measures, security training and incident response management round off the offer.