Attention, for Enisa, the European Union agency for cybersecurity, the situation is deteriorating on the cyber front. In its latest report on the state of the threat, the agency directed by the Estonian Juhan Lepassaar is concerned, against the backdrop of a Russian invasion of Ukraine which “changed the game”, an increase in threats on a wider perimeter.
Ransomware tops the list of threats
Thus, in this dense 150-page document which analyzes the panorama over the period from July 2021 to June 2022, Enisa notes that the Ukrainian crisis has redefined the contours of cyberwar and hacktivism, whether in the participation of private companies or the emergence of groups with vague outlines. The agency, for example, expects to see more cyber-operations motivated by geopolitics, with therefore a risk of collateral damage.
While ransomware is still at the top of the list of main threats, Enisa notes a significant increase in denial of service attacks. This type of computer attack is becoming “more complex”, notes the agency, which notes its use in the context of the Ukrainian conflict and its evolution towards mobile networks and the Internet of Things. Easier to implement than ransomware, denial of service attacks can serve as the basis for an extortion attempt, for example.
0 days
The agency also reports an increasing use of 0-days, those undisclosed vulnerabilities, in cyberattacks. This may be a reflection of the professionalization of attackers or proof that a more mature level of security forces them to strike harder. Enisa points out that the vulnerabilities most exploited by cybercriminals have been ProxyLogon, ProxyShell, PrintNightmare and Log4Shell.
However, phishing was the most common vector of intrusion, notes Enisa. Like taking remote access via the Remote Desktop Protocol, it is an inexpensive attack method for attackers. It is evolving with variants targeting specific people, or declining towards SMS or voice calls.
The agency, which notes that malicious hackers shop heavily on black markets to acquire unauthorized access to networks of organizations, finally believes that cybercriminal franchises should continue to actively exploit in 2022 the opportunities offered by vulnerabilities. newly discovered. They should also target the Internet of Things, VPNs and cloud infrastructures more.