When it comes to cybersecurity incidents, the most impacted sectors in 2022 were professional services, healthcare, financial services, manufacturing, and technology and telecommunications, said Kroll recently when releasing its Q4 2022 Threat Landscape Report.
According to the risk and financial advisory solutions provider, several familiar threats remained highly active throughout 2022, including a significant increase in phishing and a notable rise in unauthorised access, which went up from 18% of reported incidents in 2021 to 25% in 2022.
Professional services was the most targeted sector in 2022 (accounting for 16% of cases), although attacks on the sector have declined slightly since 2021.
However, other sectors saw an upsurge in cybersecurity incidents — namely manufacturing (rising to 12%) and technology and telecommunications (rising to 10%).
Survey highlights
- Growing risk to supply chains, with ransomware attacks against the technology and telecommunications sector more than doubling in Q4. Kroll observed a number of attacks on managed service providers (MSPs).
- Manufacturing experienced a 25% upsurge in ransomware incidents in Q4, as attackers sought to capitalise on the threat to business continuity.
- LockBit has overtaken Conti as the most common ransomware variant of 2022.
- Phishing replaced CVE/Zero-Day Exploitation as the most common initial access method of 2022.
- Email compromise was the most common threat type of 2022 (similar to 2021), closely followed by ransomware and unauthorised access.
- There was also a large year-on-year increase in unauthorised access in 2022 while insider threat accounted for the majority of that activity.
- Activity observed by Kroll in Q4 aligned with the trend that defined 2022 as a whole where many familiar threats continue to evolve and adapt.
- This was evidenced in the prominence of ransomware throughout 2022, hitting healthcare in Q2, then education in Q3, before a significant spike in technology and manufacturing in Q4.
- The central story of 2022 is cybercriminals’ ability to quickly evolve and regroup in the face of advancing security controls, law enforcement activity and geopolitical disruption.
- The near-seamless transition from maldocs (malicious Office documents) to container files in phishing attacks and new access tactics like Google Ads abuse illustrate the constant evolution of techniques to which organisations must pay attention in order to improve their defences, in addition to newly emerging threats.
Cybersecurity in 2023
Looking ahead, Kroll foresees that the instabilities which allowed attackers to thrive last year, particularly market volatility across the globe and the ongoing war on Ukraine, will likely continue to do so in 2023.
The continued democratisation of cybercrime as a result of new technology such as ChatGPT could also give rise to further threats, the firm said.
With the value of cryptocurrency falling and average ransomware profits declining last year, 2023 could well see ransomware-as-a-service groups looking to maximise their revenue streams, and thus ransomware actors as a whole may become more destructive, said Paul Jackson, Regional Managing Director of Asia Pacific, Cyber Risk, Kroll.
“Following on from the technology sector being a major target of ransomware in Q4 2022, large IT providers are likely to be a target in 2023, as threat actors attempt to use them as a route to compromise end clients via supply chain attacks,” Jackson noted. “An increase in attacks against Operational Technology (OT) environments is also highly probable, as is the use of techniques similar to those used in 2022.”
A robust managed detection and response program will play a vital role in enabling businesses to respond effectively to the many and varied cybersecurity incidents likely to arise in 2023, he said.
“Businesses can implement specific changes themselves, or with assistance from trusted retained cyber risk consultants. These include enforcing multi-factor authentication, using remote desktop protocol (RDP), creating multiple backups and having effective access control,” he advised.