Ransomware attacks mount vs tech, manufacturing firms

Several familiar threats remained highly active throughout 2022, such as a significant increase in phishing and a notable rise in unauthorised access that increased from 18% of reported incidents in 2021 to 25% in 2022, according to Kroll.

The Q4 2022 Threat Landscape Report from Kroll shows that in 2022, the top five impacted sectors across Kroll’s incident response cases were: professional services, healthcare, financial services, manufacturing, and technology and telecommunications. 

While professional services was the most targeted sector last year (accounting for 16% of cases), Kroll has observed a slight decline in attacks on that sector since 2021, while other sectors saw an upsurge – namely manufacturing (rising to 12%) and technology and telecommunications (rising to 10%).

Findings also show a growing risk to supply chains, with ransomware attacks against the technology and telecommunications sector more than doubling in the fourth quarter of 2022. Kroll observed a number of attacks on managed service providers (MSPs).

The manufacturing sector experienced a 25% upsurge in ransomware incidents during the quarter, as attackers sought to capitalise on the threat to business continuity.

LockBit has overtaken Conti as the most common ransomware variant of 2022, and phishing replaced CVE/Zero-Day Exploitation as the most common initial access method.

Email compromise was the most common threat type of 2022 similar to in 2021, closely followed by ransomware and unauthorised access.

Activity observed by Kroll in the fourth quarter aligned with the trend that defined 2022 as a whole where many familiar threats continue to evolve and adapt. This was evidenced in the prominence of ransomware throughout 2022, hitting healthcare in the second quarter, then education in the third quarter, before a significant spike in technology and manufacturing in the fourth quarter. 

The central story of 2022 is cybercriminals’ ability to quickly evolve and regroup in the face of advancing security controls, law enforcement activity and geopolitical disruption. 

The near-seamless transition from maldocs (malicious Office documents) to container files in phishing attacks and new access tactics like Google Ads abuse illustrate the constant evolution of techniques to which organisations must pay attention in order to improve their defences, in addition to newly emerging threats. 

Timely threat intelligence from real incidents, deeply integrated into security response operations technology and teams is the key to cyber resilience in the year ahead. 

Further, Kroll’s report foresees that the instabilities which allowed attackers to thrive last year, particularly market volatility across the globe and the ongoing war on Ukraine, will likely continue to do so in 2023. 

The continued democratisation of cybercrime as a result of new technology such as ChatGPT could also give rise to further threats. 

“With the value of cryptocurrency falling and average ransomware profits declining last year, 2023 could well see ransomware-as-a-service groups looking to maximise their revenue streams, and thus ransomware actors as a whole may become more destructive,” said Paul Jackson, cyber risk regional managing director at Kroll in the Asia-Pacific region. 

Jackson said large IT providers are likely to be a target in 2023, as threat actors attempt to use them as a route to compromise end clients via supply chain attacks. 

An increase in attacks against Operational Technology (OT) environments is also highly probable, as is the use of techniques similar to those used in 2022.