Subscribe

Kroll reports more ransomware attacks on manufacturing

Ransomware
/ 16th February 2023 /
John Kinsella

Cyber security specialist Kroll’s latest Threat Landscape Report has warned that ransomware attacks rebounded strongly in Q4 2022, with a significant spike in focus on technology and manufacturing.

Kroll said that Q4 activity aligned with the trend that defined 2022 as a whole: not only have many familiar threats not gone away, but they continue to evolve and adapt.

According to the report: “The central story is cybercriminals’ ability to quickly evolve and regroup in the face of advancing security controls, law enforcement activity and geopolitical disruption.

“The near-seamless transition from Office maldocs to container files in phishing attacks and new access tactics like Google Ads abuse illustrate the constant evolution of techniques to which organisations must pay attention in order to improve their defences."

Kroll expects that “democratization of cybercrime” through technology such as ChatGPT could also drive further developments in threat activity.

In Association with

Laurie Iacono, associate managing director in Kroll’s Cyber Risk business, said it is highly probable that ransomware will continue to evolve in complexity and impact in the year ahead.

“With the value of cryptocurrency going down and the average ransomware profits declining last year, 2023 could well see ransomware-as-a-service groups looking to maximise their revenue streams and ransomware actors as a whole becoming more destructive,” she said.

“Large IT providers are likely to be a target in 2023, as threat actors attempt to use them as a route to compromise end clients via supply chain attacks."

Kroll’s latest research finds that familiar threats remained highly active throughout 2022, such as a significant increase in phishing and a notable rise in unauthorised access, increasing from 18% of cases in 2021 to 25% in 2022.

Notable new initial access methods included an infection method leveraging Google Ads to spread credential-stealing malware, and a rise in the use of USB-borne malware as a means to spread infection throughout a network.

ransomware
Kroll
Kroll said that Q4 activity aligned with the trend that defined 2022 as a whole: not only have many familiar threats not gone away, but they continue to evolve and adapt. (Pic: Getty Images)

Ransomware variants

LockBit overtook Conti as the most common ransomware variant of 2022, while phishing replaced CVE/Zero-Day Exploitation as the most common initial access method of 2022, according to Kroll.

Email compromise was the most common threat type of 2022, similar to 2021. However, email compromise saw a decline from its 42% peak in 2021, which Kroll attributed to widespread patching for the Microsoft Exchange ProxyLogon vulnerabilities.

Iacono added: “Timely threat intelligence from real incidents, deeply integrated into security response operations technology and teams will be key to cyber resilience in the year ahead.

"With so many sectors targeted by attackers throughout 2022, no industry or market segment can afford to be complacent as it relates to ongoing monitoring of their internal infrastructure.

"Apart from working with trusted partners to achieve this, businesses can implement specific changes themselves. These include enforcing multi-factor authentication, using remote desktop protocol, creating multiple backups and having effective access control."

Kroll managing director Walmir Freitas commented that the manufacturing sector is an attractive target for ransomware gangs due to the level of business disruption it can cause.

“Often these sectors hadn’t typically seen themselves as targets for cybercriminals because they held limited sensitive information.

“But the growth in ransomware has changed the game. Manufacturing organisations may be more willing to pay a ransom when their ability to operate is hanging in the balance.”

Sign up to The Business Plus Panel to help shape the business decisions of tomorrow and win vouchers for your opinions! 
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram