Why it matters: Cybercriminals took advantage of the pandemic by using attacks to extract as much monetary value as they could. EU cybersecurity agency Enisa stressed that such activities have led to hackers-for-hire becoming the biggest threat to online security over the last 15 months.
Enisa said in its annual report, which covers a study conducted from April 2020 to July 2021, that the Covid-19 health pandemic has seen cybercriminals ramp up their efforts in targeting potential victims.
“The Covid-19 crisis has created possibilities for adversaries who used the pandemic as a dominant lure in campaigns for email attacks for instance. Monetization appears to be the main driver of such activities,” the agency stated.
One notable ransomware attack was the Colonial Pipeline incident, with hacker group DarkSide exposing a security breach found in an operator’s digital infrastructure. Ultimately, it resulted in the fuel supply line serving the US East Coast shutting down.
Other key methods that threat actors focused on involved phishing e-mails, as well as brute-forcing on Remote Desktop Protocol (RDP) services, which remain the two most common infection vectors.
Unsurprisingly, the preferred method of payment for hackers was cryptocurrency. According to the study, other cyber threat areas experiencing growth include cryptojacking, which involves criminals secretly utilizing a target’s computing power to generate cryptocurrency.
With Bitcoin and other coins surging to record highs, expect that particular threat to remain an attractive option in the near future. $5.2 billion worth of Bitcoin transactions have already been linked to ransomware.
The top nine threat groups identified are ransomware, malware, cryptojacking, e-mail related threats, threats against data, threats against availability and integrity, disinformation/misinformation, non-malicious threats, and supply-chain attacks.
A recent report from a cloud security firm found that certain cybercrime services cost less than $500. Moreover, hackers can be hired to perform specific jobs like credit card scams or identity theft for as low as $250.