Report: Cyberfraud in Romania up over 40pct in 2024, malware attacks up 286.8pct

Cyberfraud reported in Romania in 2024 increased by 40.2% year-on-year, in line with global and European Union (EU) trends, while malware attacks surged by 286.8%, according to the 2024 Annual Report of Romania's (DNSC) released on Wednesday at a news conference.According to the document, as far as cyberfraud is concerned, its increase is a consequence of increasingly aggressive and innovative techniques, tactics and protocols of criminals, correlated with a surge in attacks using telephone spoofing techniques and financial investment schemes, which exploit the trust of victims through false financial opportunities aggressively promoted. Also, the increase in the number of frauds reported to DNSC is also influenced by the DNSC messages and actions in the public space, encouraging their reporting to the authorities.In terms of malware, the report reveals a surge by 286.8% in 2024 from 2023, while the number of compromised applications followed an upward trend (+125%)."This trend shows a significant and worrying development in the capabilities and expertise of cyber attackers, who have become very prolific in creating new varieties of malware, with an estimated 500,000 pieces of malware being generated daily. It is also a clear indication of the attackers' intention to exploit vulnerabilities in the supply chain with the applications they produce. Also, the trend indicates the need to use antimalware solutions as a priority," the DNSC report mentions.Bruteforce (+30.3%) and Compromised Account (+21%) were the two types of cyber attacks that grew in use. Specialists argue that the trend can be explained by an increase in the number of automated attacks, and also by the poor implementation of multi-factor authentication at the user level, corroborated with a proliferation of standard user activity on a significantly increased number of platforms and applications, with the re-use of user precautions.On the other hand, phishing attacks decreased by 21%, year-on-year. The decline is mainly due to the success of user education campaigns, but also to the steps taken by DNSC for the large-scale implementation by organisations of email server security measures (SPF/DKIM/DMARC).Also, a 27.8% decrease was reported in infected IPs, which may reflect better protection at the network level and the adoption of more advanced security solutions by organisations.Other decreases were reported in website defacements (-45.8%) and DDoS (-38.5%) attacks, respectively. "These decreases indicate an improvement in server monitoring and protection against volumetric attacks nationwide, with public and private sector organisations increasingly adopting cybersecurity services and solutions," the report said.In 2024, DNSC intervened to support players impacted by a series of cyberattacks and cyberincidents in: energy (Rompetrol and Mol Romania); banking (Alpha Bank, Banca Transilvania, Banca Comerciala Romana, Creditcoop, Exim Bank, Edificium, Banca Nationala a Romaniei, Banca Romana de Credite si Investitii, Bucharest Stock Exchange and the Bank Deposit Guarantee Fund; digital infrastructure/telecommunications (Orange, Telekom and GTS); transport (National Railway Company - CFR, National Road Infrastructure Management Company - CNAIR, Bucharest National Airports Company, Port of Constanta, Astra Trans Carpatica Feroviar, Baneasa Airport and Metrorex); and central and local public administration (Romanian Government, Special Telecommunications Service, National Directorate of Cyber Security, Ministry of Internal Affairs, the Romanian Senate, the Ministry of Foreign Affairs, the Ministry of Public Works Development and Administration, the Ministry of Tourism and the Bucharest City Hall).Other attacks reported during the past year targeted websites, including, but not limited to, the official pages of some political parties - e.g. Alliance for the Union of Romanians, encryption and sensitive data exfiltration, such as the exfiltration of data from the Chamber of Deputies, bruteforce attacks, for example attacks that targeted the infrastructures of the Bucharest City Hall, Bucharest Transport Company, Romanian Railway Authority, University of Bucharest, based on source IPs hosted in Russia.At the same time, the ransomware phenomenon is one of the most persistent and serious, with 101 such incidents detected and managed in 2024 by DNSC. Among them was a cyberattack of the Romanian Soft Company - the developer of the Hipocrates platform, which offers internal flow services to hospital units. Following the attack, 26 hospitals were directly targeted, being unable to carry out their business for about a week.In addition, other ransomware attacks targeted companies of the Electrica S.A. group, with a major impact on the public services offered by Electrica Furnizare S.A. and Distributie Energie Electric? Romania S.A., with the consequence of affecting a number of over 800 servers and 4,000 workstations located at the Bucharest, Ploiesti, Brasov and Cluj branches; the City Hall of Timisoara as well as institutions under their authority (the Tax Directorate of the City of Timisoara and the Timisoara General Local Police Directorate), with approximately 112 systems affected; infrastructure of the project "National Management System on Disability" for the National Authority for the Protection of the Rights of Persons with Disabilities (ANPDPD); the Bucharest District 5 City Hall, which had a major impact on the services made available to the public, affecting the Domain Controller servers, the Local Police telephone exchange and workstations.The 2024 DNSC activity report was recently approved by the Supreme Council for National Defence (CSAT). (Photo:https://www.facebook.com/)