"Mercenary" hackers and ransomware on demand: cybercrime threatens the European economy

In the last year, illicit activities have multiplied, including the sale of actual attacks in "as-a-service" mode. Phishing and email threats are strengthened with smart working. Data monetization is the number one goal 27 Oct 2021

Ransomware is the number one cyber threat in the post-Covid world: current events have shown it and the annual report "A Threat Landscape 2021" by Enisa (HERE THE FULL STUDY) confirms it. It's not the only threat, but monetization is now by far the main target of hacker attacks. Cybercriminals are increasingly part of a sophisticated and organized criminal activity that sees for-hire hackers emerge as cybercrime actors, true mercenaries of online crime, serving cybercrime companies offering malware and as-a-service attacks. . Next to them are actors supported by governments, while hacktivists remain a minority. The ninth edition of the European Cybersecurity Agency's annual report on cyber threats covers the period from April 2020 to July 2021. Index of topics • Rising threats: there is also occult cryptomining • Cybercrime “as-a-service”, on-demand models also for crime • The rise of mercenary hackers and cyber-offending companies Rising threats: there is also occult cryptomining The Enisa report notes a growth in cybersecurity threats with ransomware as the first threat in the period studied. This trend is fueled by a growing online shift of all businesses, including the transition from traditional infrastructures to online solutions. The interconnected world and emerging technologies such as AI are further elements exploited by cybercriminals to launch their attacks.

Among the types of threats there are also attacks on supply chains, targeted by hackers, or by their sponsors, because they are capable of producing serious cascading effects. The risk is such that Enisa has also produced separate reports on threats divided by sector. These are the 9 most frequent types of threats in the past year: 1. Ransomware (attacks on networks and blocking of data with consequent ransom demand); 2. Malware; 3. Cryptojacking (also called covert cryptomining: the criminal uses the victim's computer to generate cryptocurrencies); 4. Email threats; 5. Attacks on data (data breach, data leak); 6. Threats to availability and integrity (such as DoS attacks); 7. Misinformation - fake news; 8. Non-malicious threats (human errors, incorrect system configurations, accidents that impact IT systems); 9. Attacks on the supply chain.

Cybercrime “as-a-service”, on-demand models also for crime There are many techniques used by cybercrime actors. The Covid-19 pandemic has multiplied the possibilities for hackers to perpetrate their attacks via email, which often exploits networks and personal devices used for smart working. Profit is in general the main purpose of cyber-attacks: all data is valuable to cybercriminals, not just the “classic” credit card credentials. Some specific criminal business models have thus spread. These include Ransomware as a service (SaaS): in 2020, two thirds of ransomware campaigns were attributed to operators who used RaaS. More sophisticated "multiple extortion" ransomware activities in which hackers use multiple tools to force the victim to pay the ransom, for example the threat to publish data and information on "public shaming" sites or in the media, direct phone calls to those responsible of IT systems or companies or their partners / investors / customers, and data auctions on the dark web. Other attack models are Business email compromise (Bec); Phishing-as-a-service (PhaaS); and Disinformation-as-a-Service (DaaS). The latter type of threat appears for the first time in a report on Enisa's cybersecurity. Campaigns that spread false news have grown with the Covid-19 pandemic and the increase in the use of social platforms and online media in general. This technique is now at the heart of many cyber attacks. Campaigns based on fake news or disinformation are often part of hybrid attacks and support other threats creating doubt and confusion. The rise of mercenary hackers and cyber-offending companies Among the actors of cybercrime, hacker-for-hire services are establishing themselves: criminals paid as “freelancers” who offer themselves on an “Access-as-a-Service” (AaaS) market where companies that sell cyber-offense techniques operate. These services are usually hired by governments, but companies and individuals are also among the customers. Cyber offense companies offer specific categories of services, often in “you too-in-one ”, for example: vulnerability research and exploitation, malware development, technical control, operations management, training and support. Real criminal software houses.