Cybersecurity threats are on the rise and ransomware is the prime threat for private companies and public bodies, says latest ENISA Threat Landscape report by the European Union Agency for Cybersecurity.
Cybercriminals are increasingly motivated by the monetization of their activities, and their attacks are growing in terms of sophistication, complexity, and impact due to our massive online presence, the transition of traditional infrastructures towards digital solutions, advanced interconnectivity of systems, and the exploitation of new features of emerging technologies.
Ransomware and cryptojacking are the techniques that money-oriented attackers use more frequently, and cryptocurrency remains their most common pay-out method. Without surprise, ENISA highlights supply-chains attacks are ranking high because of the significant potential they have in inducing catastrophic cascading effects.
But something is changing. DDoS (Distributed Denial of Service) campaigns are becoming much more targeted, persistent, and increasingly multivector. And not all cyber offenders are primarily driven by money.
In the UK, on December 20th 2021, Gloucester City Council became aware of a cyberattack hitting its systems and resulting in some key services such housing benefits management to be delayed or unavailable. As reported by BBC, it could take months to fix affected servers and systems, while preliminary investigations unveiled there could be links to hackers in the former Soviet Union.
The mounting tension between Russia and Ukraine is seen by cybersecurity experts as a possible trigger of hacking offensives threatening Europe, the US, and beyond. That has already happened in 2017 with NotPetya, a Russian cyberattack that targeted Ukraine but rapidly impacted the entire world at a cost of billions of dollars.
The likelihood of cyberwar scenarios makes ENISA underline there are four categories of cybersecurity threat actors to be monitored: ‘traditional’ cybercriminals, state-sponsored attackers, hacker-for-hire actors, and hacktivists. Understanding how these actors think and act, what their motivations and goals are, is an important step towards a stronger cyber incident response.
Are cities prepared to recognize and face such different threats? Listen to Nicola Crespi, head of R&D at Paradox Engineering, and Dario Campovecchi, our cybersecurity architect, in a conversation that explores some of the most acute dangers Smart Cities are confronted with, and how to manage cybersecurity as a lifelong journey. The podcast is available on Tomorrow.City