A record increase in cryptojacking, hackers-for-hire on the rise and a possible solution to the ransomware problem. We share a sampling from Threat Landscape 2021, ENISA’s annual cybersecurity report.
ENISA (European Network and Information Security Agency) identifies ransomware as the biggest threat in today’s landscape. According to the organization, the problem outpaces every other leading risk, including malware, cryptojacking, misinformation, supply chain attacks and threats to data, email, accessibility and integrity.
ENISA states that email phishing and brute-forcing through Remote Desktop Protocol are the two most common entry points for the spread of ransomware. Although a perceived rise in Ransomware-as-a-Service models makes it difficult to pinpoint ransomware types and groups, the organization reports that REvil and Conti made the highest number of victims and most financial gain.
Multi extortion ransomware appears to be growing. ENISA identifies an increase in attacks where data is first taken hostage and then used to hit the systems of the victim’s partners and customers, even when the initial victim pays the ransom.
Follow the money
ENISA suggests that vigilance for money laundering may be the key to detecting, stopping and bringing ransomware groups to justice.
According to the organization, the vast majority of ransomware ransom money is collected in Bitcoin. Supposedly, ransoms are often processed in bitcoin mixers: crypto from different sources ends up in a jar, is shaken up and covertly sent to criminals’ wallets.
The process of mixing is equivalent to money laundering, making it difficult to track criminal activity. However, at some point, the crypto is converted to cash. Therein lies an opportunity, says ENISA, furtherly stating that cooperation from cryptocurrency exchanges could significantly improve the detection of ransomware groups.
Cryptojacking and hacking-for-hire
Furthermore, an increase in cryptojacking stands out. In 2019 and 2020, ENISA reported on a decline of the threat, undoubtedly driven by the shutdown of cryptominer Coinhive in March 2019. Now ENISA states that the use of cryptomining malware more than doubled in Q1 2021(+117 percent), attributing the change to the professionalization of cybercriminals and a growing interest in financial gain.
In addition, the report addresses a notable increase in hacker-for-hire services. According to ENISA, the ‘Access-as-a-Service’ market is on the rise: governments being the primary customers and cyber attacks a central commodity. The organization states that adherent service providers operate from countries where cybercrime is partially or fully legal.
The above is a fringe of the full picture that emerges from the report. Read the full document on ENISA’s website.