Cybersecurity

A surge in digital crimes that occurred during the COVID-19 pandemic seems to be continuing in the Netherlands, despite a low number of burglaries, robberies, and muggings. These digital crimes include online scams and fraud. Reports on cybercrime cases stood at 4,715 in 2019 and rose to 13,949 in 2022. Conversely, while classic crimes have slightly increased since the end of the pandemic, their number still remains low compared to 2019.

Vixen Panda, a Chinese advanced persistent threat (APT) group, has been linked to a wave of attacks against the Iranian government between July and December 2022. An analysis conducted by cybersecurity researchers at the Palo Alto Networks’ Unit 42 indicates that Iranian government networks have likely been compromised by two new variants of a backdoor called Turian.

The European Parliament’s civil liberties committee (LIBE) has voted for the parliament to move ahead with ratifying the Second Additional Protocol to the Budapest Convention on Cybercrime. More specifically, LIBE voted in favour of a draft European Parliament resolution that will give the parliament’s consent to a draft Council decision that allows EU member states to ratify the Additional Protocol.

Among other provisions, the Protocol introduces the possibility of emergency mutual assistance between signatories in addressing cybercrime, creates a legal framework for joint investigations, and makes it possible to collect evidence via videoconference where necessary.

The Protocol was criticised by civil society organisations citing incompatibilities with the EU’s Charter of Fundamental Rights. At the same time, a January 2022 opinion from the European Data Protection Supervisor (EDPS) underscored the “many safeguards” contained in the text despite the fact that some data transfers between the EU and the US would be facilitated under the agreement.

Following an unspecified ‘cyber-incident’, the UK’s Royal Mail has warned customers of ‘severe service disruption’ for items sent abroad. The National Cyber Security Centre in the UK acknowledged this, stating that they are aware of an incident affecting Royal Mail Group and are working with the company, as well as the National Crime Agency, to fully understand the impact.

Attacks using distributed denial of service (DDoS) techniques have affected the central bank and seven private banks in Denmark and disrupted their business activities. The attack also affected IT financial industry solutions developer Bankdata, which led to temporary access restrictions in the case of the websites of private banks.

According to data released by Check Point Research, the number of cyber-attacks recorded globally in 2022 was nearly two-fifths (38%) higher than the total volume observed in 2021. Attacks peaked in the fourth quarter of 2022, with an average of 1168 weekly attacks per organisation. The sectors most affected by cyber-attacks were education/research (2314 average weekly cyber-attacks), government/military (1661), and healthcare (1463). The highest volume of attacks was recorded in Africa (1875 weekly attacks per organisation), followed by Asia-Pacific, Latin America, Europe, and North America. 

Check Point Research also indicated several trends observed during 2022: (a) the ransomware ecosystem continuously evolving, with smaller and more agile criminal groups; (b) hackers widening their aim to target business collaboration tools such as Slack and Teams with phishing exploits; (c) academic institutions becoming a popular target for cybercriminals.