Hackers-for-Hire rising threat against cyber security
Hackers-for-hire is a rising trend among cyber-crime actors together with state-sponsored, cybercrime and hacktivists, says the EU Agency for Cybersecurity, ENISA, in a report about cybersecurity threats. “Threats are on the rise. Ransomware ranks as a prime threat”.
The rise of hacker-for-hire services refers to actors within the “Access-as-a-Service” (AaaS) market that is mostly comprised of firms that offer offensive cyber capabilities. Their clients are usually governments (but also corporations and individuals).
These hacker-for-hire threat actors complicate the threat landscape. Their targeting cannot be predicted as it depends on the tasks their clients order; there is no focus on specific sectors and thus any sector has the potential to be targeted. These threat actors act as proxies and it is very difficult for defenders to identify their sponsors as well as their objectives, the report says.
ENISA says supply-chains attacks rank highly among prime threats because of the significant potential they have in inducing catastrophic cascading effects. The risk is such that the agency recently published a dedicated threat landscape report for this specific category of threat.
9 threat groups are identified:
- Ransomware;
- Malware;
- Cryptojacking;
- E-mail related threats;
- Threats against data;
- Threats against availability and integrity;
- Disinformation – misinformation;
- Non-malicious threats;
- Supply-chain attacks.
”The COVID-19 crisis has created possibilities for adversaries who used the pandemic as a dominant lure in campaigns for email attacks for instance. Monetisation appears to be the main driver of such activities.”
Major techniques used by threat actors:
- Ransomware as a Service (RaaS)-type business models;
- Multiple extortion ransomware schemes;
- Business Email Compromise (BEC);
- Phishing-as-a-service (PhaaS);
- Disinformation-as-a-Service (DaaS) business model; etc.
The report is focusing on three major threats:
- Ransomware
Malicious attack where attackers encrypt an organisation’s data and demand payment to restore access.
- Cryptojacking infections
Cryptojacking or hidden cryptomining is a type of cybercrime where a criminal secretly uses a victim’s computing power to generate cryptocurrency. With the proliferation of cryptocurrencies and their ever-increasing uptake by the wider public, an increase in corresponding cybersecurity incidents has been observed. Cryptocurrency remains the most common pay-out method for threat actors.
- Misinformation and disinformation
Disinformation and misinformation campaigns are on the rise as a result of the increased online presence due to the COVID-19 pandemic logically leading to an overuse of social media platforms and online media.
Such threats are of paramount importance in the cyber world. Disinformation and misinformation campaigns are frequently used in hybrid attacks to foster doubt or create confusion, therefore reducing the overall perception of trust as a consequence and damaging this major proponent of cybersecurity in the process.
“Given the prominence of ransomware, having the right threat intelligence at hand will help the whole cybersecurity community to develop the techniques needed to best prevent and respond to such type of attacks. Such an approach can only rally around the necessity now emphasised by the European Council conclusions to reinforce the fight against cybercrime and ransomware more specifically, said the agency´s executive director Juhan Lepassaar.
Moonshot News is an independent European news website for all IT, Media and Advertising professionals, powered by women and with a focus on driving the narrative for diversity, inclusion and gender equality in the industry.
Our mission is to provide top and unbiased information for all professionals and to make sure that women get their fair share of voice in the news and in the spotlight!
We produce original content, news articles, a curated calendar of industry events and a database of women IT, Media and Advertising associations.
