Orange Cyberdefense’s Security Operations Centers (SOCs) and CyberSOCs analyze over 60 billion events daily, investigating over 94,000 potential security incidents. Last year, its team of experts drilled down into this data to provide invaluable insights in making the digital world a safer place.
Highlights from the report include:
1. Malware is increasing
In 2021, malware was the most detected incident (38%), with network-related incidents dropping by 13% to 22%. This contrasts to 2020, where network and application anomalies were the number one incident type (35%).
In fact, malware attacks have almost doubled in the last twelve months. This can partly be explained by some of Orange Cyberdefense’s large customers increasing their detection capabilities to embrace malware. However, it’s clear that malware activity has increased overall.
2. Ransomware is now the most significant threat
Ransomware is now the biggest threat to enterprises. These cyber extortion (or "Cy-X") attacks are a form of computer crime in which the security of a corporate digital asset (confidentiality, integrity or availability) is compromised and exploited in a threat of some form to extortion payment.
Criminals often use a “double extortion” approach and leak samples of stolen data to expedite payment demands. Orange Cyberdefense’s research shows that double extortion attacks increased almost six-fold between the first quarter of 2020 and the third quarter of 2021.
In addition, ransomware-as-a-service cybergangs are going to even greater lengths to get victims to pay up, including launching distributed denial of service (DDoS) attacks, emailing clients and auctioning off stolen data.
3. Manufacturing tops the Cy-X hit list
While all industry verticals have seen data-leak threats, manufacturing, professional, scientific and technical services take the top two ranking spots. In fact, manufacturing represents over 23% of the cyber extortion listings that Orange Cyberdefense collected from January 2020 to October 2021.
There are several reasons for these industries appearing at the top of the attack list. Cybercriminals may believe organizations in these fields will be more likely to pay a ransom. Or it may be that their cybersecurity posture and ability to recover from a cyberattack are not as robust as other sectors. It may also be that the size of the industry overall makes it more prevalent.
But, as there is no specialization in these industries, we can assume they are not explicitly targeted. Instead, the common denominator appears that organizations in these sectors are less prepared to deal with a cyberattack.
4. OT, ICS and IOT incidents are on the increase
Manufacturing faces another threat, with compromises to operational technology (OT), industrial control systems (ICS) and IoT vulnerabilities accelerating. They account for 10% of overall vulnerabilities today. OT technology monitors and manages industrial process assets and manufacturing/industrial equipment. ICS is utilized in almost every industrial sector and critical infrastructure, such as the manufacturing, transportation, energy and water treatment industries.
Unfortunately, vulnerabilities here are critical and often easy to compromise. This, the report notes, is linked to a lack of security maturity in the IT/OT sector.
5. Attackers are aiming directly at security products
Malicious actors are directly targeting security products. Several data points and anecdotes suggest that security technologies are high on the radar for criminal and state-backed hacker groups. Research into vulnerabilities in security technologies is speeding up, and these vulnerabilities are being used to instigate serious compromises at a frightening rate.
Given this trend, it is imperative that enterprises are up to date on new vulnerabilities and patch and work to fix them quickly. At the same time, they need to be able to identify affected products quickly and mitigate accordingly.
6. Break-and-enter techniques still popular
Attacks may be getting more sophisticated, but malicious actors are still using basic techniques to get into the network, such as phishing emails. Raising awareness about phishing in the enterprise as part of cybersecurity training is important for prevention.
Trickbot is commonly used in phishing campaigns. It is dangerous because of its built-in ability to mutate. Detecting Trickbot, an established trojan for Microsoft Windows and other operating systems, is imperative to avoid compromise. As well as malicious behaviors, it can work in partnership with ransomware to access a compromised network to deploy ransomware.
Jan has been writing about technology for over 22 years for magazines and web sites, including ComputerActive, IQ magazine and Signum. She has been a business correspondent on ComputerWorld in Sydney and covered the channel for Ziff-Davis in New York.