ENISA has published its cyber-threat landscape for 2021, providing an overview of the most common cybersecurity threats in Europe, the main market trends, the most influential actors, and the preferred attack techniques, which include ransomware.
The ENISA Threat Landscape report is the European Union Cybersecurity Agency’s (ENISA) annual dossier on the cybersecurity threat landscape in the European Economic Area. Unsurprisingly, it identified ransomware attacks as the top threat this year.
ENISA recently released the ninth edition of the report, which provides a comprehensive perspective on vulnerabilities and threats most relevant to the European social fabric during the period between April 2020 and July 2021. The report identifies the current cybersecurity threats, providing insight into the prevalence and severity of agents and attack vectors in Europe. ENISA pays particular attention to industry “trends,” identifying the most common threat actors, related offensive techniques, and outlining relevant risk mitigation and security incident response measures.
Among the main cybersecurity threats identified, ransomware attacks deserve special mention as the leading player on the national and European information security scene. The ENISA Threat Landscape identifies ransomware as the main cybersecurity threat to European enterprises for 2020-2021. Cryptocurrencies remain the most common payment method for threat agents, who are usually affiliated with international criminal organizations.
Common attack tools such as malware, phishing, and cryptojacking maintain a primary role in the European cyber-threat picture. However, the downward trend in the spread of malware recorded in 2020 is further confirmed in the current year. By contrast, the volume of cryptojacking infections reached record figures in the first quarter of 2021 compared to recent years.
As a rule, with cryptojacking, cybercriminals secretly exploit the computing power of a compromised device to generate (i.e., mine) cryptocurrencies, without making any substantial changes to the infected systems. The revenues associated with cryptojacking and the simplicity with which such offensives can be carried out have encouraged new players to enter the international scene, leading to an exponential increase in attacks.
It is important to remember that attackers increasingly use malware in “combined solutions”. Through combined offensives, cyber-criminal organizations multiply their revenues and their probability of success. The victim of a phishing campaign, for example, could be infected with ransomware and a cryptojacker at the same time after unwittingly clicking on a malicious link. Since a device fully encrypted by ransomware is of no use for cryptocurrency mining, the attacker can decide which of the threats to execute depending on the hardware and software configuration of the compromised device, the security measures implemented, and the revenue prospects.
In light of the implications of recent large-scale attacks directed at strategic infrastructure (think of the SolarWinds case), ENISA stresses the importance of conducting appropriate verification, review, and auditing of vendors' security levels and their compliance with industry best practices. Attacks directed at the supply chain are spreading at a worrying rate.
COVID-19 has provided a new “lure” for phishing attacks. ENISA reports stable growth in social-engineering email campaigns. The most affected sector in 2021, predictably, is healthcare, which is easy prey for malicious offensives because its systems and its strategies for preventing and responding to cyber-attacks are often inadequate and outdated. ENISA also points out that DDoS (Distributed Denial of Service) campaigns in 2021 will be increasingly targeted, persistent, and multi-vector. The advent of IoT (Internet of Things), along with the spread of 5G network architectures, has lent itself to a new wave of DDoS-type attacks.
A final note concerns accidental cyber incidents, which are mainly related to internal threats within organizations. The years 2020 and 2021 are marked by exponential growth in data breaches related to errors in data management and/or misconfiguration of systems and network architectures by companies and professionals. The COVID-19 pandemic has accentuated the absence of adequate “literacy” in information security and, more generally, in the use of IT tools. The sudden push toward digitization has acted as a multiplier for human error and insider threats, to the point that they are the most voluminous piece in the cyber-threat picture of 2021.
On a similar issue, the following article may be of interest: “How to deal with a data breach following a ransomware cyberattack?”