NCC Group's Annual Threat Monitor Report unpicks the trends and patterns in the cybersecurity landscape every year, based on observations from our Managed Detection Response (MDR) and Cyber Incident Response Teams (CIRT). It equips you with the knowledge to inform your security investment and spend decisions in 2023.
What has shaped the threat landscape in 2022?
The ongoing conflict between Russia and Ukraine has had a major impact, with both countries deployed their full arsenal of offensive cyber capabilities. This led to an increase in disinformation, defacement, and Distributed Denial of Service (DDoS) attacks, as well as the use of destructive malware to cripple critical national infrastructure in Ukraine and other countries.
We could expect a rise in DDoS attacks in 2023 as this trend continues, especially amongst growing network of connected devices.
Such attacks effect the availability of systems or services, including customer portals or websites, significantly reducing the ability for an organisation to function. When conducting risk assessments of critical assets, due consideration needs to be given to ensure adequate protections are in place to mitigate the effects an attack may have on operations. Companies could run attack simulations as a regular practice, testing the implementation of protective processes provide the necessary protection in the event of such an attack.
There was a 5% decline in ransomware incidents in 2022 as compared to 2021. Possibly due, in part, to a strengthened response to such threats from law enforcement agencies and governments around the world, which resulted in the arrests of key members of cyber-criminal groups and intelligence operatives.
The second 'Counter Ransomware Initiative' took place, showing international support for a task force to combat ransomware from organised crime groups. In fact, most ransomware attacks (81%) were conducted by Organized Crime Groups (OCGs) and of those attacks, 56% were ransomware attacks and 24% were Business Email Compromise (BEC) attacks.
The overall decline in ransomware incidents is not to be mistaken for a halt in the persistence of such attacks, however. There was a notable surge in such incidents between February and April in particular, coinciding with the Russian invasion of Ukraine, with prominent group LockBit increasing its activity in particular. Given continued conflict and wider geopolitical turmoil, alongside the lucrative nature of such attacks, organisations need to remain vigilant against ransomware. They must actively take steps to review internal vulnerabilities and strengthen protective barriers to develop resilience against such attacks – particularly considering how cyber insurance policies are now less likely to cover the cost of ransom pay-outs in the event of attack.
Looking at wider ransomware trends, North America (44%) and Europe (35%) suffered the most ransomware attacks in 2022. North America bore the brunt, with 44% of all incidents (1,106), a 24% decrease from 2021’s figures (1,447).
Europe observed 35% of all incidents, with an 11% increase in attack numbers, witnessing 896 in 2022 as compared to 810 in 2021. It was potentially influenced by surges in activity associated with the Russia-Ukraine conflict in the first half of the year.
The Industrial sector found itself the most heavily attacked in 2022, with most targeted sectors in 2022, with 804 victim organisations (32%), followed by Consumer Cyclicals with 487 (20%) and Technology with 263 (10%).
While this remains consistent with previous years, our Annual Threat Monitor Report called attention to a relative 10% surge in victim numbers for ‘consumer cyclical’ organisations, especially hotel and entertainment, specialty retailers, homebuilding and construction supply retailers, and financial services. Organisations in this sector, particularly those with large Operational Technology or Internet of Things (IoT) estates are likely to come under continued targeting. This will inevitably call upon decision makers within organisations to review their spend with the significant threats to their cyber security in mind.
Meanwhile, Software & IT Services was the most targeted sector within Technology, presenting multiple opportunities to threat actors, from the theft of intellectual property to using victim companies for supply chain compromises.
Analysis from across 2022 highlighted ransomware operators as effective innovators willing to find any opportunity and technique to extort money from their victims, with data leaks and DDoS being added to their arsenal to mask more sophisticated attacks. The patterns that have emerged point towards 2023 being another active year for ransomware attacks and call for organisations to take action to build resilience to protect against, or remain operational in the event of, such incidents.
We know that cyber incidents of all shape and size will persist in 2023, and as we saw from last year, they are likely to evolve in type, techniques, motivations and influence. From ransomware to DDoS, to business e-mail compromise, threat actors are advancing attack types. These advances call for organisations to ensure their security stance reflects the risks they face, and evaluate cyber security spending budgets appropriately.
Preparation is key, from having robust recovery processes in place, to being able to quickly and effectively deploy thorough incident response plans. This way, organisations can be ready to take on the ever-evolving cyber threat landscape.
Want to know more?
Read the full magazine.