Email thread hijacking on the rise despite improved ransomware detection


A new report from IBM has revealed the extent of, and trends in, cyber attacks that have affected businesses over the past year, especially in Australia.

The 2023 X-Force Threat Intelligence Index report revealed that although ransomware incidents declined slightly, by four per cent, in 2022 from the previous year thanks to improved detection and prevention of ransomware, cybercriminals have made ‘innovations’ of their own, with the average time to complete a ransomware attack dropping from 2 months to just less than 4 days.

The report particularly noted that email thread hijacking surged in the past year, jumping 100 per cent compared to 2021 data. Commonly used to deliver malware families regularly used in ransomware operations, email thread hijacking and other email threats have grown so sophisticated that attackers can now hijack a user’s email account, pretending to be that user with the ability to read and reply to recent emails.

In addition, the deployment of backdoors, which allow remote access to systems, emerged as the top activity conducted by cybercriminals during that period, with about 67 per cent of those backdoor cases related to ransomware attempts. The uptick in backdoor deployments is being partially attributed to their high market value, with backdoor access to a business’ internal network going for as much as $10,000.

“The shift towards detection and response has allowed defenders to disrupt adversaries earlier in the attack chain – tempering ransomware’s progression in the short term,” said Charles Henderson, Head of IBM Security X-Force. “But it’s only a matter of time before today’s backdoor problem becomes tomorrow’s ransomware crisis. Attackers always find new ways to evade detection. Good defense is no longer enough. To break free from the never-ending rat race with attackers, businesses must drive a proactive, threat-driven security strategy.”

As a result of these cybercriminal activities, many businesses suffered, with 27 per cent of them undergoing extortion, followed closely by data theft at 19 per cent. Manufacturing was the most extorted industry last year, and the most attacked for the 2nd consecutive year, accounting for about one in four attacks in 2022. Ransomware and backdoor deployments together made up more than half of all incidents observed in 2022.

Chris Hockings, Chief Technology Officer, IBM Security Asia Pacific, commented, “The modern attack surfaces are becoming larger and more complex by the day, as organisations adopt cloud services and hybrid work models. Australian organisations need to manage three sub-surfaces: the digital attack surface, the physical attack surface, and the social engineering attack surface.”

Hockings added, “The good news is there is technology and capability available to close the gap between a successful attack and its detection and mitigation, but businesses must drive a proactive, threat-driven security strategy. One of the fundamentals of Zero Trust is ‘assume breach’. An organisation’s response needs to swing continuously between detection and response to disrupt adversaries earlier in the attack chain and be applied across the end-to-end security environment.”

He concluded, “The US Government is driving cybersecurity standards around zero trust, which will ultimately permeate the cyber security landscape to enable more integrated protection, detection, and response motions. As these practices evolve, governments across Asia Pacific will have opportunity to mature their own standards aligned with these zero trust fundamentals.”