The European Union Agency for Cybersecurity, ENISA, told CNN there were 304 significant, malicious attacks against "critical sectors" in 2020, more than double the 146 recorded the year before.
The agency also reported a 47% rise in attacks on hospitals and health care networks in the same period, as the same criminal networks sought to cash in on the pandemic's most vital services.
The figures show the growing global impact of cyberattacks, often in the form of ransomware, which has recently caused havoc in the United States when the Darkside group targeted the Colonial Pipeline network causing gas station queues because of a fear of shortages.
The pandemic meant “a lot of services were provided online and that happened in a kind of rush, so security was as an afterthought,” said Apostolos Malatras, team leader for knowledge and information at ENISA. At the same time people stayed indoors and had time to explore vulnerabilities in systems and critical infrastructure, he added.
Surveys of businesses by the British security firm Sophos also concluded that the average cost of a ransomware attack has doubled in the year to date. The survey estimated the cost for 2020 at $761,106, but by this year that figure had leapt to $1.85 million. The cost includes insurance, business lost, cleanup and any ransomware payments.
The rising cost reflects the greater complexity of some attacks, said John Shier, senior security adviser at Sophos, who added that while the number of attacks had dropped, their sophistication had risen.
“It looks like they are trying to be more purposeful,” Shier said. “So they're breaching companies, understanding exactly what company they breached and trying to penetrate as fully as possible, so that they can then extract as much money as possible.”
Tracing criminal transactions
While law enforcement and security experts say the best policy is not to pay ransoms as these encourage the criminals, there is some hope for companies that pay up.
Better technology enables some security firms to trace the crypto-currency, usually bitcoin, as criminals move it around different accounts and crypto-currencies.
This week, FBI investigators were able to recover some of the money paid out to the Darkside ransomware group by the Colonial Pipeline network, after an attack that caused significant disruption to gas supplies in the United States.
Cyber-security firm Elliptic, which assists the FBI in such traces, said the short time that Darkside had the money meant it was unable to adequately cyber-launder the funds, so the route was easy to discover.
“At the moment, criminals want to cash out in euros or whatever in order to benefit from their criminal activity,” said Tom Robinson, chief scientist at Elliptic. This meant the crypto-currency was usually sent to a financial exchange in the real world, to be turned into real-world cash, he said.
“If the exchange is regulated, then you should be identifying their customers and reporting any suspicious activity,” said Robinson.
Tricks used to hide the route of illicit crypto-currency by criminal groups are growing in complexity, he said. Some use “mixer wallets,” which enable users’ crypto-currencies to be mixed together — like shuffling used banknotes — making ownership difficult to trace. Robinson said regulation of these wallets and all exchanges would help slow criminal incentives for using ransomware.
“It's about identifying who the perpetrators are, but also ensuring that it's very difficult for these criminals to cash out,” said Robinson. “It means there's less of an incentive to commit this kind of crime in the first place.”