Every six months, Accenture’s Cyber Investigations, Forensics and Response team provides a mid-year update on the state of cybercrime in the first six months of the year. In the previous edition, the team highlighted the tremendous rise in ransomware as a result of the Covid pandemic with supply chain weaknesses a particularly popular source of attack for cybercriminals seeking to access enterprise networks.
Given the nature of the pandemic, it's perhaps also no surprise that health and public services were the second most targeted sector after financial services as criminals sought to take advantage of the Covid-related chaos seen around the world.
Things have certainly not gotten any better, with the latest report from the company revealing a 125% rise in intrusion volume compared to the first half of last year. The company says that this growth was mainly by web shell activity, supply chain intrusions, targeted ransomware, and extortion stings.
Geographically, the United States was far and away the most affected country, with 36% of all incidents recorded.
The United Kingdom was a distant second, with 24%, and Australia even further back with 11% of all incidents.
From an industry perspective, attackers seem to have moved on from financial services and healthcare, with the consumer goods sector the worst affected, with 21% of all cyberattacks. Industrial and manufacturing were next, with 16% of incidents, followed by banking and hospitality, with just 10% and 9% respectively.
"Attacks appear to be on the rise every year. During my tenure in the cybersecurity space dating back to the late 1990s, I can’t recall a single instance in which anyone, anywhere indicated that attacks were on the decline," Chris Pogue, Head of Strategic Alliances, Nuix, told me.
“Now, regardless of the reasons for the rise, organic or inorganic, on the end of every attack is a victim of a crime. And like other crimes, there is no acceptable reason for being victimized. So being security-conscious and deploying reasonable security controls is like not walking down a dark alley in a foreign city with your pockets full of cash.”
Driving the change
The researchers identify a number of trends that they believe are driving this growth. Firstly, there appears to be no respite in sight in terms of attack volumes, with no slowdown apparent in the data. Instead, the number and scale of attacks seem to be continuing to trend upward.
The data revealed considerable growth in cyber incidents across every industry and every region, with activity in part being driven by the desire for nation-state actors to get involved alongside more traditional cybercriminals.
Despite attacks being up across the board, however, the distribution remains skewed towards certain regions and certain sectors.
Just five industries represent 60% of all attacks, including consumer goods, banking, hospitality, and manufacturing.
With the United States also bearing the brunt of attacks, it seems clear that cybercriminals are going after targets that they believe have evident vulnerabilities that can be exploited. With attacks on healthcare falling considerably to just 2% of the total, the data clearly shows what can be achieved when organizations devote sufficient time and resources to cybersecurity.
In terms of the nature of the attacks themselves, ransomware and extortion continue to dominate. The data found that such attacks represented nearly 30% of all cyberattacks, with REvil/Sodinokibi continuing to be the most deployed form of ransomware in the past six months.
What’s more, the scale of these attacks is growing with over 70% of ransomware attacks targeting organizations with over $1 billion in revenue, which suggests that attackers are going after “big game” in order to secure the maximum payout possible.
Preparing for the future
The researchers always use their reports to look ahead to the future as much as report on the last six months, and in this edition, they make a number of predictions for the year/s ahead. For instance, they argue that as economies return to a semblance of post-Covid normality, attackers may turn their attention to sectors seeking to recover, such as hospitality and retail.
It is also expected that ransomware will remain the most dominant form of threat faced by organizations in the year ahead.
This is despite an enormous increase in awareness about both the risks involved and how they might be mitigated. The researchers believe that we are entering a new phase whereby criminals employ even stronger tactics to pressure targets into paying the ransom and are more willing than ever before to capitalize on any opportunistic holes in organizations’ defenses.
They also exhibit a degree of skepticism about the success of the executive order on cybersecurity from the Biden administration in a bid to stem the tide of ransomware attacks. Instead, with vulnerabilities persisting in supply chains, there is likely to remain ample opportunities for opportunistic attacks to sit squarely alongside more persistent operations.
“Many organizations today are only securing their core corporate systems and not fully protecting their supply chain, subsidiaries, and affiliates. That’s why it’s critical for companies to have a holistic plan to cover their entire ecosystems,” said Robert Boyce, who leads Accenture’s Cyber Investigations, Forensics & Response business globally.
“Industries that previously experienced lower levels of cyberattacks during the pandemic ― such as consumer goods and services, industrials, travel and hospitality, and retail ― should reevaluate their cybersecurity posture as increased consumer activity in these industries present renewed opportunities for cybercriminals.”