IT Brief New Zealand logo
Technology news for New Zealand's largest enterprises
Story image

New study reveals opportunistic behaviour of cyber criminals

By Catherine Knowles
Fri 29 Jul 2022

According to a new report from Palo Alto Networks, the heavy use of software vulnerabilities matches the opportunistic behaviour of threat actors who scour the internet for vulnerabilities and weak points on which to focus.

The 2022 Unit 42 Incident Response Report offers a multitude of insights gleaned from Unit 42 by Palo Alto Networks extensive incident response (IR) work, leveraging a sampling of over 600 Unit 42 IR cases, to help CISOs and security teams understand the greatest security risks they face, and where to prioritise resources to reduce them.

In the report, Unit 42 identified that finance and real estate were among the industries that received the highest average ransom demands, with an average demand of nearly $8 million and $5.2 million, respectively.

Overall, ransomware and business email compromise (BEC) were the top incident types that the Incident Response team responded to over the past 12 months, accounting for approximately 70% of incident response cases.

Wendi Whitmore, SVP and head of Unit 42 at Palo Alto Networks, says, "Right now, cyber crime is an easy business to get into because of its low cost and often high returns. As such, unskilled, novice threat actors can get started with access to tools like hacking-as-a-service becoming more popular and available on the dark web.

"Ransomware attackers are also becoming more organised with their customer service and satisfaction surveys as they engage with cyber criminals and the victimised organisations."

Key trends covered in the report include:

Ransomware

A new ransomware victim is posted on leak sites every four hours. Identifying ransomware activity early is critical for organisations. Typically, ransomware actors are only discovered after files are encrypted, and the victim organisation receives a ransom note.

Unit 42 has identified that the median dwell time - meaning the time threat actors spend in a targeted environment before being detected - observed for ransomware attacks was 28 days.

Ransom demands have been as high as $30 million, and actual payouts have been as high as $8 million, a steady increase compared to the findings of the 2022 Unit 42 Ransomware Report.

Increasingly, affected organisations can also expect threat actors to use double extortion, threatening to publicly release sensitive information if a ransom isn't paid.

BEC

Cyber criminals used a variety of techniques in business email compromise wire-fraud schemes. Forms of social engineering, such as phishing, offer an easy and cost-effective way to gain covert access while maintaining a low risk of discovery.

According to the report, in many cases cyber criminals are simply asking their unwitting targets to hand over their credentials - and getting them. Once they have access, the median dwell time for BEC attacks was 38 days, and the average amount stolen was $286,000.

Affected industries

Attackers follow the money when it comes to targeting industries; however, many attackers are opportunistic, simply scanning the internet in search of systems where they can leverage known vulnerabilities.

Unit 42 identified the top affected industries in incident response cases as finance, professional and legal services, manufacturing, healthcare, high tech, and wholesale and retail. Organisations within these industries store, transmit and process high volumes of monetisable sensitive information that attracts threat actors.

The report also reveals some statistics from IR cases:

  • The top three initial access vectors used by threat actors were phishing, exploitation of known software vulnerabilities and brute-force credential attacks focused primarily on remote desktop protocol (RDP). Combined, these attack vectors make up 77% of the suspected root causes for intrusions.
  • ProxyShell accounted for more than half of all vulnerabilities exploited for initial access at 55%, followed by Log4J (14%), SonicWall (7%), ProxyLogon (5%) and Zoho ManageEngine ADSelfService Plus (4%).
  • In half of all IR cases, our investigators discovered that organisations lacked multifactor authentication on critical internet-facing systems, such as corporate webmail, virtual private network (VPN) solutions or other remote access solutions.
  • In 13% of cases, organisations had no mitigations in place to ensure account lockout for brute-force credential attacks.
  • In 28% of cases, having poor patch management procedures contributed to threat actor success.
  • In 44% of cases, organisations did not have an endpoint detection and response (EDR) or extended detection and response (XDR) security solution, or it was not fully deployed on the initially impacted systems to detect and respond to malicious activities.
  • 75% of insider threat cases involved a former employee.
Related stories
Top stories
Story image
Document Management
TrustRadius gives M-Files two document management awards
TrustRadius has recognised M-Files with both a 2022 Best Feature Set and a 2022 Best Relationship award in document management.
Story image
SaaS
AvePoint rebrands SaaS learning product to MaivenPoint
"Our mission with MaivenPoint is to make your learning experience limitless and inspire everyone to achieve their aspirations."
Story image
Neat
Workplace design a crucial factor for better employee experience - report
The key to a successful workplace could be its design, according to research from Ecosystm and Neat.
Story image
Pure Storage
Pure Storage named leader in GigaOm report for Kubernetes storage
Pure Storage named the leader for the third consecutive year by GigaOm Radar Report for enterprise Kubernetes storage.
Story image
Storage
DCI Data Centers breaks ground on AKL02 center
DCI Data Centers has commenced construction on Auckland's largest data center.
Story image
Inde
Exclusive: Inde provides innovative solutions across the tech sector
Inde likes to call its approach the 'power of the collective', which essentially means that if a client approaches the company with a problem, they'll get the team's collective insight to help drive the best outcome.
Story image
Enterprise
Fortinet reports second quarter 2022 financial results
“We delivered strong revenue and billings growth in the second quarter driven by an increase in the number of transactions larger than one million dollars."
Story image
Broadband
MyRepublic unveils 'choose the speed you need' mobile plans
Broadband provider MyRepublic has announced the details of its new 'choose the speed you need' mobile plans, designed for New Zealanders. 
Story image
SAP
Microsoft unveils two new security products to help reduce attack surfaces
The products are set to give companies deeper insights into threat actor activity and help them successfully navigate the changing threat landscape.
Story image
SaaS
Why is MACH architecture a new big thing in the tech world?
More and more global enterprises are considering replacing the monolithic tech stack with the best-of-breed composable stack that enables greater business agility.
Story image
10 Minute IT Jams
Video: 10 Minute IT Jams - An update from Heidrick & Struggles
Graham Kittle joins us today to discuss how the company is helping organisations bring about change within their business.
Story image
Tablets & laptops
Chromebook and tablet shipments see another rapid decline for the year
According to research from Canalys PC Analysis, Chromebook and tablet shipments have fallen for the fourth quarter in a row for Q2 of 2022.
Story image
SaaS
ManageEngine unveils SaaS availability of Analytics Plus
ManageEngine's Analytics Plus is now available as a software as a service (SaaS) offering, enabling users to set up a completely functional and integrated analytics platform anywhere in under a minute.
Story image
10 Minute IT Jams
Video: 10 Minute IT Jams - An update from Talend
Stu Garrow joins us today to discuss the company’s key solutions, and how they can help organisations thrive in the data management space.
Story image
Ransomware
Ivanti and SentinelOne partner on patch management solution
Ivanti and SentinelOne will integrate their technologies Ivanti Neurons for Patch Management and SentinelOne's Singularity XDR platform.
Story image
Compliance
Why security needs to shape your journey to the cloud
It's estimated that 80% of workloads could be in the cloud in the next few years. How can you make all that data secure?
Story image
Hybrid Cloud
The essential guide to digital transformation by SolarWinds
Digital transformation is a buzzword thrown around all the time by companies, but what does it actually mean and why is it important? SolarWinds breaks it down.
Story image
Indusface
Why enhancing bot protection for web and API endpoints matters
The trouble with bots is that they aren’t all bad. Unfortunately, this can make it challenging to detect malicious bots that find their way into your system and threaten your business.
Story image
Apple
2degrees unveils eSIM functionality for selected devices
2degrees has enabled eSIM functionality to work with a variety of Apple, Samsung and Oppo devices, including a range of iPads.
Story image
Customer
OfficeMax NZ sees significant growth through Seismic partnership
OfficeMax New Zealand has announced it has seen a significant increase in customer and sales confidence as a result of Seismic’s digital enablement software.
Story image
Data Protection
CyberRes partners with Google Cloud in lead up to BigQuery release
CyberRes, a Micro Focus line of business, has announced a partnership with Google Cloud to support the upcoming release of BigQuery remote functions.
Story image
Firewall
Fortinet unveils compact firewall for hyperscale data centres, 5G networks
"Fortinet’s dedication to pushing the boundaries of what is possible in security performance has yielded the most powerful compact firewall yet."
Story image
Sustainability
Visa launches Eco Benefits solutions in Australia and NZ
Eco Benefits is a suite of sustainability-focused solutions that will help Visa cardholders better understand the environmental impact of their payments.
Story image
Financials
Google NZ numbers show strong comprehensive profit increase
The latest financial report from Google New Zealand Limited has revealed an increase in total comprehensive profit of over $NZD 7 million.
Story image
Gartner
Veeam named Leader in enterprise backup and recovery
"We believe our innovation and ability to execute validates our solid standing as the #1 trusted provider of modern data protection."
Story image
Enterprise Resource Planning / ERP
Why the right ERP (and partner) is crucial to an innovative and successful business
Enterprise Resource Planning (ERP) is a foundational step to ensuring a robust business model; here's why choosing the right one could be vital to ensuring long-term success and innovative results.
Story image
Phishing
Norton research finds NZ threat landscape diversifying on social media
Norton's quarterly report has highlighted the seriousness of the threat landscape in New Zealand.
Story image
Data center
Macquarie Asset Management acquires stake in ST Telemedias VIRTUS Data Centres
"We will further strengthen VIRTUS' focus on sustainability by backing investment in its technology and enhancing the lifecycle management of its equipment."
Story image
Healthcare
Why the Metaverse could be the key to enhancing the healthcare sector
The experts at Accenture understand that the programmable world is about building the next version of the physical world in healthcare, understanding complex layers in order to fully utilise technology to its maximum effect.
Story image
Remote Working
Four-day week: Perceptions across Asia Pacific and Japan
Workers across APJ want to be empowered to do their best work, wherever and whenever they want.
Story image
Identity and Access Management
Pitney Bowes launches rebranded digital visitor management offering in A/NZ
Pitney Bowes has launched Smart Access Management (SAM), its rebranded digital visitor and contractor management offering in Australia and New Zealand.
Story image
API
Security gaps in APIs plague organisations - study
Together, the findings highlight that existing solutions and API security tactics focused on shift-left strategies are failing to adequately protect APIs.
AWS Marketplace
Learn how security orchestration, automation, and response (SOAR) enhances your security strategy.
Link image
Story image
Financial results
Facebook NZ financial report reveals notable revenue increase
Revenue from contracts with customers increased by $NZD 1,089,292 compared to 2020's figures.
W.Media
Register now for the Sydney Cloud & Datacenter Convention 2022 and learn about topics ranging from digital transformation to data center sustainability.
Link image
Story image
Rubrik
Gartner names Rubrik Leader in 2022 Magic Quadrant
Rubrik has been positioned by Gartner as a Leader in the 2022 Magic Quadrant for Enterprise Backup and Recovery Software Solutions.
Story image
Migration
Four benefits companies can realise by transitioning to S/4HANA early
Although there is time before organisations are required to transition to a cloud-based solution, such as S/4HANA, it is beneficial to transition now. Waiting too long could complicate the process.
Story image
Payroll
Exclusive: UKG brings a people focused approach to workforce management
Managing an effective and efficient workforce is the crux of any business operation, and in today's climate, it's more than just work employers need to be aware of.
Story image
Cybersecurity
Qualys develops EASM capabilities for Cloud Platform
"Qualys unique approach to EASM is integrating the internal and external asset data from CyberSecurity Attack Management with its VMDR solution into a single view."
Story image
Data Protection
Video: 10 Minute IT Jams - An update from SearchInform
Alexey Pinchuk joins us today to discuss the role the company plays in helping organisations manage risk and provide better security outcomes.
Story image
Gaming
Chorus announces Hyperfibre sponsorship deal with NZ Esports
Chorus has put its support behind New Zealand's Esports community with a newly announced three-year Hyperfibre sponsorship deal with NZ Esports.
Story image
Mergers and Acquisitions
Netskope acquires Infiot, delivers integrated SASE platform
Converged SASE platform provides AI-driven zero trust security and simplified, optimised connectivity to any network location or device, including IoT.