Russia’s war in Ukraine and European cybersecurity
Russia’s war on Ukraine has influenced the cyber sphere in many ways with cyber operations used alongside traditional military action, the European Parliament says in a summary of European cyberthreats. According to Enisa (EU’s agency for cybersecurity) actors sponsored by the Russian state have carried out cyber operations against entities and organisations in Ukraine and in countries that support it.
Hacktivist (hacking for politically or socially motivated purposes) activity has also increased, with many conducting attacks to support their chosen side of the conflict, the European Parliament writes in its summary.
The report says Russian disinformation has focused on finding justifications for the invasion, while Ukraine has used disinformation to motivate troops. Deepfakes with Russian and Ukrainian leaders expressing views supporting the other side of the conflict were also used.
Cybercriminals tried to extort money from people wanting to support Ukraine via fake charities
The six top sectors affected by cyber attacks according to Enisa:
- Public administration/government (24% of incidents reported)
- Digital service providers (13%)
- General public (12%)
- Services (12%)
- Finance/banking (9%)
- Health (7%)
Enisa’s Threat Landscape 2022 report shows there are eight prime threat groups:
- Ransomware
Ransomware attacks continued to be one of the main cyberthreats. They are also getting more complex. According to a survey quoted by Enisa, half of respondents or their employees had been approached in ransomware attacks.
The highest ransomware demand grew from €13 million in 2019 to €62 million in 2021 and the average ransom paid doubled from €71,000 in 2019 to €150,000 in 2020. It is estimated that in 2021 global ransomware reached €18 billion worth of damages – 57 times more than in 2015.
2. Malware
Malware includes viruses, worms, Trojan horses and spyware. After a global decrease in malware linked to the pandemic in 2020 and early 2021, its use increased heavily by the end of 2021, as people started returning to the office, the report says.
The rise of malware is also attributed to crypto-jacking (the secret use of a victim’s computer to create cryptocurrency illegally) and Internet-of-Things malware (malware targeting devices connected to the internet such as routers or cameras).
According to Enisa, there were more Internet-of-Things attacks in the first six months of 2022 than in the previous four years.
3. Social engineering threats
Tricking victims into opening malicious documents, files or emails, visiting websites and thus granting unauthorised access to systems or services. The most common attack of this sort is phishing (through email) or smishing (through text messages).
Almost 60% of the breaches in Europe, the Middle East and Africa include a social engineering component, according to research quoted by Enisa.
The top organisations impersonated by phishers were from the financial and technology sectors. Criminals are also increasingly targeting crypto exchanges and cryptocurrency owners.
4. Threats against data
Threats against data mainly classified as data breaches (intentional attacks by a cybercriminal) and data leaks (unintentional releases of data). Money remains the most common motivation of such attacks. Only in 10% of cases is espionage the motive, Enisa says.
5. Denial of service by overloading
These are some of the most critical threats to IT systems. They are increasing in scope and complexity. One common form of attack is to overload the network infrastructure and make a system unavailable.
Denial of Service attacks are increasingly hitting mobile networks and connected devices. They are used a lot in Russia-Ukraine cyberwarfare, the summary says. Covid-19 related websites, such as those for vaccination have also been targeted.
6. Threats to availability of internet
These include physical take-over and destruction of internet infrastructure and seen in occupied Ukrainian territories as well as blocking access to news and social media.
7. Disinformation/misinformation
The increasing use of social media platforms and online media has led to a rise in disinformation (purposefully falsified information) and misinformation (sharing wrong data). The aim is to cause fear and uncertainty.
Deepfake technology means it is now possible to generate fake audio, video or images that are almost indistinguishable from real ones.
8, Supply-chain attacks
This is a combination of two attacks – on the supplier and on the customer. Organisations are becoming more vulnerable to such attacks, because of increasingly complex systems and a multitude of suppliers, which are harder to oversee, the report says.
Moonshot News is an independent European news website for all IT, Media and Advertising professionals, powered by women and with a focus on driving the narrative for diversity, inclusion and gender equality in the industry.
Our mission is to provide top and unbiased information for all professionals and to make sure that women get their fair share of voice in the news and in the spotlight!
We produce original content, news articles, a curated calendar of industry events and a database of women IT, Media and Advertising associations.