EU’s Cyber Defence Agency Warns Of The Threat Of Hacking Incidents

Enisa, the EU’s cyber defence agency, has released its annual report, which warns that cyber criminals have now become the biggest “threat agent” and that they are “responsible for at least two-thirds of the incidents registered”. “Understanding the key cybersecurity threats that the EU must respond to and the way in which they are evolving is essential if we are to successfully protect the cyberspace, the key enabler of the EU digital single market,” Mariya Gabriel, the EU commissioner for the digital economy, said.

Phishing aimed at CEOs of large businesses was the biggest reported threat, being “responsible for 90 to 95 percent of successful attacks worldwide”. The agency has warned CEOs to be wary of the risks, especially when opening emails with high-risk subject lines like ‘Official Data Breach Notification’, ‘UPS Label Delivery’, ‘IT Reminder: Your Password Expires’, ‘Please Read Important from Human Resources’, and ‘All Employees: Update your Healthcare Info’. These were the subject lines most commonly used in fake emails that are designed to install malware on computers.

The report said: “An attack on DU Group, a US web application company, last year got access to two billion ‘user phone numbers, names, and addresses’. NetEase, a Chinese internet firm, let slip 1.2 billion email addresses and passwords that were later sold to other hackers on the web, while River City Media, a US online marketing company, lost 1.4 billion ‘names, addresses, IP addresses, and email addresses, as well as an undisclosed number of financial documents, chat logs, and backups’.”

The report also noted that “insiders” in both large corporations and government agencies who steal data were the second biggest threat, followed by nation states that use data to blackmail victims, using cyber-espionage, ransomware or malware. The report said: “Nation states have become the third most active threat agent group with over 20 percent of incidents. Given the advanced capabilities of this group, performed attacks are often difficult to identify and defend. This means that it is very likely that the actual activity of this group may be much higher”.

The most active cyber-espionage groups were also named. The first was APT17, which is based in China and conducted “network intrusions against US government entities, the defence industry, law firms, information technology companies, mining companies, and non-government organisations”. The second was the Russia-based APT29 group, which is thought to be associated with Russian intelligence services, and the third was named as APT28, “a cyber-espionage group most probably sponsored by the Russian government.”

It was highlighted throughout the report that China, India and Russia were the most “botnet infected countries”, with the highest number of cases of fake accounts being used to send spam emails containing malware. An estimated 60% of hacking incidents originate in China, where “exploit kits” and botnet hordes can be hired from sites, some of which “include dashboards showing the number of attacks carried out and the number of online bots”.