Orange Cyberdefense Security Navigator 2023: cyber-extortion dominates

The fourth edition of the annual Orange Cyberdefense Security Navigator report shines a light on the major cybersecurity trends of the past year. This year’s report analyzed 99,506 potential incidents, an increase of 5% from the previous year. Overall, the report showed that the pace of incidents is slowing somewhat, but several areas remain concerns.

1. The manufacturing sector experienced the most attacks in 2022 in our dataset

The increasing digitalization of manufacturing facilities is delivering greater efficiencies, but connected production lines also open more potential points of attack. In 2022, 31% of all cybersecurity incidents occurred in the manufacturing vertical, of which more than a third were malware related. The report also found that manufacturing experienced more internally-attributed incidents than other industries, with 58% of breaches caused by internal sources. Regarding external incidents, web attacks, port scans and phishing were the three top types of attacks.

Why the manufacturing industry is home to such a consistently high proportion of victims remains unclear, even from our extensive data. It is likely that in the end, it simply comes down to high levels of vulnerability. We see no real evidence of attackers targeting specific industries; they just try to compromise vulnerable businesses. The high number of victims we observe on attacker leak sites could indicate more victims, but it may also mean that manufacturing is an industry that generally refuses to concede to initial ransom demands. Ultimately, however, vulnerability is probably the primary factor determining which company types get compromised and extorted.

2. Cyber-extortion continues to rise

Ransomware and cyber extortion attacks continue to pose a significant threat to organizations worldwide. In 2022, there were notable spikes in ransomware in March and April due to activity by international extortion-focused hacker groups Lapsus$ and Conti, plus concerns about the war in Ukraine.

At the same time, there has been a clear shift in the geographical locations of cyber-extortion (Cy-X) victims. Historically, larger, English-speaking countries have been most targeted by Cy-X attacks, primarily because of the size of their economies: the top 10 most impacted countries in history have included seven of the world’s biggest economies in terms of GDP. The shift this year, however, has seen fewer Cy-X and ransomware attacks in North America – a drop of 8% in the U.S. and 32% in Canada – and increases in Europe (18%), the UK (21%), the Nordics (138%) and East Asia (44%).

Gartner predicts that by 2025, 30% of countries will enact legislation that regulates ransomware payments, fines and negotiations, up from less than 1% of countries in 2021.

3. The war in Ukraine

Major global events like an invasion of another sovereign country inevitably come with a rise in cybersecurity events: modern-day warfare doesn’t only take place on the ground. It means that nations and organizations must take on an increased state of general readiness while continuing a robust defense strategy in the face of diverse threats from the conflict.

The Orange Cyberdefense Security Navigator reports that while the main targets for cyberattacks remain the parties directly involved in the war for now, there is an ongoing risk to countries that publicly support the Ukrainian government or have imposed sanctions against Russia. Top attack methods that could cause collateral damage to third parties include distributed denial of service (DDoS), phishing, exploiting known vulnerabilities – typically systems left exposed to the Internet or vulnerabilities on VPNs or firewalls – supply chain compromises and zero-day attacks.

Orange Cyberdefense expects hacktivism and ransomware activity to increase as the war continues, with attacks likely targeting governments and businesses worldwide.

4. Break-and-enter techniques remain popular

Although attacks are getting more sophisticated and frequent, cyberattackers still favor tried-and-trusted strategies to get into networks, such as phishing emails. With that in mind, continuing to raise awareness through training about phishing attacks is essential to protect enterprises.

TrickBot and Emotet are among the most popular phishing tools for cyber attackers. They can drop other malware that results in a Cobalt Strike beacon or injects a payload into the breached network environment. This gives attackers a base within the victim’s infrastructure and is ground zero for espionage, pivoting to other networks or extortion in the form of ransomware.

Security Navigator 2023 found that malware, including ransomware, continues to be the top threat, accounting for 40% of all incidents. It is especially prominent for small companies (under 1,000 employees), with 49% of them targeted by malware-based attacks, and large ones (10,000 employees and more), for which malware was responsible for 43% of cyberattacks.

5. Delays in patching threaten security and encourage attackers

The report analyzed new datasets on vulnerability this year and identified a worrying trend in serious vulnerabilities in enterprise business IT systems. Researchers found that 47% of confirmed vulnerabilities in the dataset could be considered “critical” or “high” severity. Critical vulnerabilities took organizations over six months (184 days) to patch. Other vulnerabilities took almost three times as long on average or were not patched at all.

Manufacturing companies rated below average compared to other industries for keeping patches up to date, with an average of 232 days versus an average of 215 days across all sectors. And with 50 new vulnerabilities discovered daily, it is pretty much impossible to patch them all. Orange Cyberdefense advises a risk-based approach to vulnerability management, focusing on those that pose a real risk based on the threat landscape and organizational context.


Steve Harris

I’ve been writing about technology for around 15 years and today focus mainly on all things telecoms - next generation networks, mobile, cloud computing and plenty more. For Futurity Media I am based in the Asia-Pacific region and keep a close eye on all things tech happening in that exciting part of the world.