ROBERT MIKAC, KREŠIMIR MAMIĆ, IVA ŽUTIĆ:  CYBERTERRORISM THREATS TO CRITICAL INFRASTRUCTURE: COORDINATION AND
                                      COOPERATION FROM BRUSSELS TO SOUTH-EASTERN EUROPE AND BACK

            breaches by way of phishing (67%), weak/reused passwords (56%), unsecured devices (44%),
            sharing passwords (44%) and unsecured WiFi networks (32%) (ENISA, 2019: p 72). An indi-
            vidual usually leaks information by unintended disclosure (72.2%), while hacking or malware
            is responsible for 27.1% of leakage and physical loss only 0.1% (ENISA, 2019: p 79). Most
            data leakage incidents happen in governmental organizations (ENISA, 2019: p 81), such as
            when the fitness tracking app Strava, via collected information, disclosed the locations of
            US, Russian and UK secret military bases in Syria and Afghanistan (ENISA, 2019: p 82).
            Cryptojacking is a relatively new cyber threat it but has already found its way to critical infra-
            structure in Europe: “in February 2018, the first incident of cryptomining malware was found
            in SCADA systems of a water utility” (ENISA, 2019: p 95).

            Ransomware is a dire cyber threat that targets critical infrastructure, usually healthcare orga-
            nizations, by ransoming medical devices. Unlike cybercriminals who create ransomware for
            the ransom, the assumption is that nation-state actors create ransomware as a cover for cy-
            berterrorism, like they did with the WannaCry (North Korea suspected) and NotPetya (Russia
            suspected) attacks. WannaCry attacked mostly healthcare organizations, infecting more than
            200,000 computers in 150 countries and collecting more than 312 ransom payments, and the
            Boeing aircraft manufacturing company (ENISA, 2019: p 103). NotPetya mostly infected
            computers in Ukraine, including those of the National Bank of Ukraine, while the ransom-
            ware PyLocky targeted European countries in 2018. Nevertheless, we must be very careful
            here about connecting cyberterrorism and states, because it raises the question of how much
            we are willing to label a country with cyberterrorism.

            Cyber espionage, a nation-sponsored type of cyber-attack, has been utilized in a more sig-
            nificant amount in recent years against “industrial sectors, critical and strategic infrastruc-
            ture across the world including government entities, railways, telecommunication providers,
            energy companies, hospitals and banks”, and “focuses on driving geopolitics, stealing state
            and trade secrets, intellectual property rights and proprietary information in strategic fields”
            (ENISA, 2019: p 107). The most active and capable cyber actors in economic espionage in
            the world are Russia, China and Iran, with North Korea not far behind. Some well-known
            cyber espionage threat-groups or campaigns are ZooPark (targeted Android users in Asia
            and North Africa and an independence referendum in Kurdistan); Powerstats and Pipefish
            (targets users in West and South-West Asia, North Africa, and the Middle East); an Iranian
            campaign, Myket, via updates in the marketplace; and Operation Parliament (infiltrating top
            governmental, judicial, military and intelligence bodies, as well as large companies, mostly in
            the Middle East and North Africa) (ENISA, 2019: p 111). Most critical for the EU is the Rus-
            sian campaign APT28, which has targeted the Emmanuel Macron campaign, the Montenegro
            Parliament, Embassies in Europe and Russia, and the European Defence Agency, as well as
            compromising the networks of the German Bundestag, the French television network TV5
            Monde, WADA (the World Anti-Doping Agency), FIFA (Fédération Internationale de Foot-
            ball Association) and a Ukrainian military mobile app (Council on Foreign Relations, 2020).

            Looking at the bigger picture, but also focusing on the Republic of Croatia, the Security and
            Intelligence Agency of the Republic of Croatia states the following: “NATO and the EU mem-
            bers are often under attack by malicious cyber campaigns aimed at undermining the protected
            communications and information systems. The Republic of Croatia has been a target of a
            series of cyber-attacks in recent years. These were the so-called APT attacks (Advanced Per-
            sistent Threat) which are long-term undetected attacks characterized by high level of exper-
            tise, highly complex organization and a plan of attack that includes careful targeting (govern-

                                                                                    117