Caught in the crosshairs: Tech sector a major target of ransomware
The technology sector was a major target of ransomware in Q4 2022, and large IT providers are likely to be targeted in 2023, according to a new report.
Kroll has published its Q4 2022 Threat Landscape Report, showing an evolving cyber threat landscape. The report finds that several familiar threats remained highly active throughout 2022, including a significant increase in phishing and a notable rise in unauthorised access, up from 18% of reported incidents in 2021 to 25% in 2022.
Sector Analysis: Tech and Manufacturing Caught in the Crosshairs
In 2022, the top five impacted sectors across Kroll's incident response cases were: professional services, healthcare, financial services, manufacturing, and technology and telecommunications. While professional services was the most targeted sector last year (accounting for 16% of cases), Kroll has observed a slight decline in attacks on that sector since 2021. Other sectors saw an upsurge, namely manufacturing (rising to 12%) and technology and telecommunications (rising to 10%).
According to Kroll's Q4 2022 Threat Landscape Report, the sectors most impacted by cyber threat incidents in 2022 include professional services, healthcare, and financial services.
Other key findings in the report include:
Growing risk to supply chains, with ransomware attacks against the technology and telecommunications sector more than doubling in Q4. Kroll observed a number of attacks on managed service providers (MSPs).
Manufacturing experienced a 25% upsurge in ransomware incidents in Q4, as attackers sought to capitalise on the threat to business continuity.
LockBit has overtaken Conti as the most common ransomware variant of 2022.
Phishing replaced CVE/Zero-Day Exploitation as the most common initial access method of 2022.
Email compromise was the most common threat type of 2022 (as in 2021), closely followed by ransomware and unauthorised access.
Kroll's report also noted a large year-on-year increase in unauthorised access in 2022, and found that insider threat accounted for the majority of that activity.
Activity observed by Kroll in Q4 aligned with the trend that defined 2022 as a whole, in which many familiar threats continue to evolve and adapt. This was evidenced in the prominence of ransomware throughout 2022, hitting healthcare in Q2, then education in Q3, before a significant spike in technology and manufacturing in Q4.
The central story of 2022 is cybercriminals' ability to quickly evolve and regroup in the face of advancing security controls, law enforcement activity and geopolitical disruption. The near-seamless transition from maldocs (malicious Office documents) to container files in phishing attacks, and new access tactics like Google Ads abuse, illustrate the constant evolution of techniques to which organisations must pay attention in order to improve their defences, in addition to newly emerging threats.
Timely threat intelligence from real incidents, deeply integrated into security response operations technology and teams, is the key to cyber resilience in the year ahead.
The Year Ahead: Threats Likely to Evolve in Form and Focus
Looking ahead, Kroll's report foresees that the instabilities which allowed attackers to thrive last year, particularly market volatility across the globe and the ongoing war on Ukraine, will likely continue to do so in 2023. The continued democratisation of cybercrime as a result of new technology such as ChatGPT could also give rise to further threats.
"With the value of cryptocurrency falling and average ransomware profits declining last year, 2023 could well see ransomware-as-a-service groups looking to maximise their revenue streams, and thus ransomware actors as a whole may become more destructive," says Paul Jackson, Regional Managing Director of Asia Pacific, Cyber Risk, Kroll.
"Following on from the technology sector being a major target of ransomware in Q4 2022, large IT providers are likely to be a target in 2023, as threat actors attempt to use them as a route to compromise end clients via supply chain attacks.
"An increase in attacks against Operational Technology (OT) environments is also highly probable, as is the use of techniques similar to those used in 2022," he says.
"A robust managed detection and response program will play a vital role in enabling businesses to respond effectively to the many and varied threats likely to arise in 2023.
"Businesses can implement specific changes themselves, or with assistance from trusted retained cyber risk consultants. These include enforcing multi-factor authentication, using remote desktop protocol (RDP), creating multiple backups and having effective access control."