Cyber criminals took advantage of the pandemic to increase their activity
CNN this week reported that significant cyberattacks against critical targets in Europe have doubled in the past year. The US based news service cited new EU figures they had obtainedd from EU authorities. The data show that as the pandemic pushed lives indoors and online, online malefactors rushed to take advantage of the situation.
The European Union Agency for Cybersecurity, ENISA, told CNN there were 304 significant, malicious attacks against “critical sectors” in 2020, more than double the 146 recorded the year before.
The agency also reported a 47% rise in attacks on hospitals and health care networks in the same period. The criminal networks sought to leverage their attacks to maximize gain by targeting the pandemic’s most vital services.
The surge in attacks reflects a global trend
The figures show the growing global impact of cyberattacks, often in the form of ransomware. Such attacks have recently figured prominently in the United States, when the Darkside group targeted the Colonial Pipeline network causing gas station queues because of a fear of shortages.
The pandemic meant “a lot of services were provided online and that happened in a kind of rush, so security was as an afterthought,” said Apostolos Malatras, team leader for knowledge and information at ENISA. At the same time people stayed indoors and had time to explore vulnerabilities in systems and critical infrastructure, he added.
Surveys of businesses by the British security firm Sophos also concluded that the average cost of a ransomware attack has doubled in the year to date. The survey estimated the cost for 2020 at $761,106, but by this year that figure had leapt to $1.85 million. The cost includes insurance, business lost, cleanup and any ransomware payments.
The rising cost reflects the greater complexity of some attacks, said John Shier, senior security adviser at Sophos, who added that while the number of attacks had dropped, their sophistication had risen.
“It looks like they are trying to be more purposeful,” Shier said. “So they’re breaching companies, understanding exactly what company they breached and trying to penetrate as fully as possible, so that they can then extract as much money as possible.”