Tech and Manufacturing Increasingly Targeted

Technology sector a major target of ransomware in Q4 2022; large IT providers likely to be targeted in 2023

Kroll, the leading independent provider of global risk and financial advisory solutions, has recently published its Q4 2022 Threat Landscape Report, showing an evolving cyber threat landscape. Kroll’s report finds that several familiar threats remained highly active throughout 2022, with a significant increase in phishing and a notable rise in unauthorized access – up from 18% of reported incidents in 2021 to 25% in 2022.

Sector Analysis: Tech and Manufacturing Caught in the Crosshairs 

In 2022, the top five impacted sectors across Kroll’s incident response cases were: professional services, healthcare, financial services, manufacturing, and technology and telecommunications. While professional services was the most targeted sector last year (accounting for 16% of cases), Kroll has observed a slight decline in attacks on that sector since 2021, while other sectors saw an upsurge – namely manufacturing (rising to 12%) and technology and telecommunications (rising to 10%).

According to Kroll’s Q4 2022 Threat Landscape Report, the sectors most impacted by cyber threat incidents in 2022 include professional services, healthcare, and financial services.

Other key findings in the report include:  

– Growing risk to supply chains, with ransomware attacks against the technology and telecommunications sector more than doubling in Q4. Kroll observed a number of attacks on managed service providers (MSPs).

– Manufacturing experienced a 25% upsurge in ransomware incidents in Q4, as attackers sought to capitalize on the threat to business continuity.

– LockBit has overtaken Conti as the most common ransomware variant of 2022.

– Phishing replaced CVE/Zero-Day Exploitation as the most common initial access method of 2022.

– Email compromise was the most common threat type of 2022 (as in 2021), closely followed by ransomware and unauthorized access.

Kroll’s report also noted a large year-on-year increase in unauthorized access in 2022, and found that insider threat accounted for the majority of that activity.

Activity observed by Kroll in Q4 aligned with the trend that defined 2022 as a whole, in which many familiar threats continued to evolve and adapt. This was evidenced in the prominence of ransomware throughout 2022, hitting healthcare in Q2, then education in Q3, before a significant spike in technology and manufacturing in Q4. The central story of 2022 is cybercriminals’ ability to quickly evolve and regroup in the face of advancing security controls, law enforcement activity and geopolitical disruption. The near-seamless transition from maldocs (malicious Office documents) to container files in phishing attacks, and new access tactics like Google Ads abuse, illustrate the constant evolution of techniques to which organizations must pay attention, in addition to newly emerging threats, in order to improve their defences. Timely threat intelligence from real incidents, deeply integrated into security response operations technology and teams, is the key to cyber resilience in the year ahead.

The Year Ahead: Threats Likely to Evolve in Form and Focus 

Looking ahead, Kroll’s report foresees that the instabilities which allowed attackers to thrive last year, particularly market volatility across the globe and the ongoing war on Ukraine, will likely continue to do so in 2023. The continued democratization of cybercrime as a result of new technology such as ChatGPT could also give rise to further threats.

“With the value of cryptocurrency falling and average ransomware profits declining last year, 2023 could well see ransomware-as-a-service groups looking to maximize their revenue streams, and thus ransomware actors as a whole may become more destructive,” said Paul Jackson, Regional Managing Director of Asia Pacific, Cyber Risk, Kroll. “Following on from the technology sector being a major target of ransomware in Q4 2022, large IT providers are likely to be a target in 2023, as threat actors attempt to use them as a route to compromise end clients via supply chain attacks. An increase in attacks against Operational Technology (OT) environments is also highly probable, as is the use of techniques similar to those used in 2022.”

“A robust managed detection and response program will play a vital role in enabling businesses to respond effectively to the many and varied threats likely to arise in 2023. Businesses can implement specific changes themselves, or with assistance from trusted retained cyber risk consultants. These include enforcing multi-factor authentication, using remote desktop protocol (RDP), creating multiple backups and having effective access control,” Paul Jackson added.