Is the world really safe?| Cyber Crisis and Analysis by Enisa
With growing technological changes, organizations are currently grappling with increasing security concerns. Any cybersecurity event could vandalize the hard-earned reputation and loss of large asset values. A lot of data breaches and cyberattacks have had a great impact, and organizations are working towards pruning security breaches.It’s high time that everyone understands more about Cybersecurity and be cautious at the same time.
During the course of our final spring semester as students in the Communication, Media & Culture department and as part of the AD & PR Lab, we had the opportunity to attend a pioneering module on Crisis Management. Our second task was to conduct research on Enisa’s organization, analyze in detail the top risks in cyberwar, the high trends during many, different cyber crises and to make recommendations about them.
Who is Enisa?
The European Union Agency For Cybersecurity (ENISA) is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe. Established in 2004 and strengthened by the EU Cybersecurity Act, the European Union Agency for Cybersecurity contributes to EU cyber policy, enhances the trustworthiness of ICT products, services and processes with cybersecurity certification schemes, cooperates with Member States and EU bodies, and helps Europe prepare for the cyber challenges of tomorrow. The Agency strengthens trust in the connected, boosts resilience of the Union’s infrastructure and keeps Europe’s society and citizens digitally secure. There are top 9 threats that Enisa analyses and conducts but we decided to keep only the top 5, because we thought they are more important.
Our top 5 threats:
- Cryptojacking
- Ransomware
- Disinformation/ Misinformation
- Email Related Threats
- Threats Against Data
Cryptojacking or hidden cryptomining is a type of cybercrime where a criminal secretly uses a victim’s computing power to generate cryptocurrency. With the proliferation of cryptocurrencies and their ever-increasing uptake by the wider public, an increase in corresponding cybersecurity incidents has been observed. Many of the trends are when the Cryptojacking volume in 2021 is record high and when XMRig dominated the cryptomining market. XMRig343, an open-source miner, is used by attackers and most malware to perform cryptomining on victims unwillingly. Moreover, Infection methods do not change. The techniques used to spread and deploy cryptominers do not differ much from other malware infection methods). The recommendations are:
1. Monitor battery usage on users’ devices and, in the case of suspicious spikes in CPU usage, scan for the presence of file-based miners.
2. Implement web filtering of common cryptomining protocols, as well as blacklisting the IP addresses and domains of popular cryptomining IP pools
3. Install endpoint protection by means of anti-virus programs or crypto-miner blocking browser plug-ins.
4. Invest in raising users’ awareness of cryptojacking
Ransomware is the second top threat that Enisa conducts. Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. In some instances, attackers may also steal an organization’s information and demand additional payment in return for not disclosing the information to authorities, competitors, or the public. Ransomware has been the prime threat during the reporting period. The significance and impact of the threat of ransomware is also evidenced by a series of related policy initiatives in the European Union (EU) and worldwide. The top trends are when RDP and phishing remain the most common attack vectors, the Recruiting future insider threats and the Ransomware-as-a-Service business model. The recommendations are:
- Identities and credentials should be issued, managed, verified, revoked, and audited for authorized devices, users, and processes
- Keeping up with recent ransomware trends, developments and proposals for prevention
- Training and raising the awareness of users (including privileged users)
- Restricting access to known ransomware sites.
Online disinformation, also referred to as “fake news”, has recently received a lot of attention as a potential disruptor of democratic processes globally. There is a need to initiate a dialogue in the EU around the possible responses to this phenomenon. The term misinformation refers to information that is false or inaccurate, and is often spread widely with others, regardless of an intent to deceive.You could find the differences:
● If it seems too good to be true
● If it plays to your own implicit biases
● If it elicits either extreme positive or negative emotions
● If it’s not properly sourced, or the stats appear out of date
There were many trends about that threat. For example, a conspiracy theory circulating online that claims 5G cellular networks cause cancer, despite there being no scientific evidence to support this claim. The main idea behind the false claim is that 5G radio waves are harmful to the brain. Furthermore, Russia’s interference in the 2016 presidential election with help from Facebook ads, pages, and private groups. Russian actors targeted specific geographic regions and swing states to spread propaganda against Democratic nominee Hillary Clinton and sow division among Americans. The recommendations:
- Artificial intelligence, reputation reporting, and transparency
- Source verification and fact checking
- Online reporting options
- Economic disincentives
E-mail related attacks are a bundle of threats that exploit weaknesses in the human psyche and in everyday habits, rather than technical vulnerabilities in information systems. Interestingly and despite the many awareness and education campaigns against these types of attacks, the threat persists to a notable degree. One trend was when COVID-19 was still the lure in email threat campaign. The COVID-19 pandemic has given rise to this category of threats since people’s online presence and need for communication has greatly risen during this period. The recommendations:
- Establish and maintain an incident response team and evaluate incident response plans frequently
- Apply ‘threat hunting’ within a company to strengthen security plans.
- Invest in and create policies and plans for engaging with governance, risk management and compliance teams.
- Policies such as velocity-based rules can be used to mitigate identity fraud, especially for payment card transactions.
Finally, threats against data. Threats against data form a collection of threats that target data sources with the aim of gaining unauthorized access, disclosure, misinformation, disinformation, etc. They are mainly referred to as data breaches or data leaks and refer to the release of sensitive, confidential or protected data to an untrusted environment. Considering data breaches, the industry sectors suffering the most from internal errors are finance and insurance, public administration, healthcare and information. The recommendations:
- Establish and maintain an incident response team and evaluate incident response plans frequently
- Apply ‘threat hunting’ within a company to strengthen security plans.
- Invest in and create policies and plans for engaging with governance, risk management and compliance teams.
- Policies such as velocity-based rules can be used to mitigate identity fraud, especially for payment card transactions.
Are we really safe after all?
Our professors and mentors: Betty Tsakarestou, Mania Xenou
Our ADventure team members: Μαρίνα Σ., Effie Karpathaki, Katherine Papagianni, Demetra Tzorou, Eirhnhzh, Theodora Filopoulou
