CloudSEK researchers in the past two years witnessed evolving attack surfaces and a continuous increase in the sophistication of tools and tactics employed by threat actors. Data from CloudSEK XVigil shows that the attacks have become more focused.
BFSI, healthcare, education, and government sectors remained top targets while regions like North America, Asia & Pacific, and Europe were the most attacked.
XVigil data shows that North America, Asia & Pacific, and Europe remained the most targeted regions in both the years 2021 and 2022. However, this was not a consistent trend. North America witnessed a decline in targeted attacks but remained the third most targeted region in 2022 (down from second in 2021), while Europe rose to the second position, possibly due to the Russia-Ukraine war.
Here are a few interesting region-based findings inferred from the data gathered:
· Asia & Pacific remained the most targeted region, receiving 20.4% of all attacks in 2021 and 24.1% of all attacks in 2022. The number of attacks targeting Asia & Pacific increased by 26.4%. India was the second most targeted country in both 2021 and 2022. The number of attacks increased by 24.3% in 2022.
· Indonesia and Russia rose to the top 5 targeted countries in 2022 (third and fourth respectively). This can be attributed to a rise in hacktivist activities due to the #OpIndonesia campaign and the Russia-Ukraine war.
· Europe rose to the second most targeted region in 2022 from third in 2021. While it accounted for about the same percentage of all attacks in both years (≈18%), the number of attacks increased by 8.3%.
· The USA remained the most targeted country, despite the decline in the number of attacks. This follows the trend of a decline in attacks in North America from 18.9% in 2021 to 16% in 2022. The total number of attacks observed a 9.7% decline.
“According to XVigil data, 2022 observed an increase in cybercrime with a surge in sophisticated and targeted cyber attacks. This can be attributed to an increase in underground activity leading to a rise in utility of malicious tools and malware. Emergence of numerous new ransomware groups and persistence of the old ones led to an exponential increase in ransomware attacks. Sectors like electric vehicles grabbed the attention of threat actors owing to the new technologies plagued with various vulnerabilities. Increased exploitation of critical infrastructures, hacktivist activities, and state-sponsored attacks led to the government sector being the most targeted industry in 2022,” said a security researcher from the CloudSEK TRIAD team.
Commonly Employed Attack Vectors
Databases and access were predictably the most targeted data types in both 2021 and 2022. The percentage of attacks targeting databases remained nearly the same in both years (≈50%); however, the percentage of attacks involving access dropped from 30.6% to 17.8%. Credential exposure, possibly through weak passwords and password reuse, serves as a gateway for initial attacker access and spread.
Ransomware attacks increased drastically, going from the least common (0.3%) in 2021 to the third most common (8.0%) in 2022. Many new ransomware operators emerged in 2022, while some prominent ransomware groups launched new versions (such as LockBit 3.0). Ransomware-as-a-service (RaaS) models also gained popularity and were used extensively in the Russia-Ukraine war. Attacks exploiting vulnerabilities maintained a significant presence, with 4.5% of the total attacks in 2021 and 5.5% of the total attacks in 2022.
Attacks involving malware, PII records, phishing scams, credit card fraud, and various service models (RaaS, MaaS, etc.) were also prominent.
Major Industries Targeted
· Attacks affecting multiple industries were most prominent but observed a decline from 18.7% of all attacks in 2021 to 14.8% of all attacks in 2022. The number of attacks decreased by 15.41%. This is another indication that more attacks are becoming targeted.
· Attacks on the government sector increased exponentially in 2022. Attacks on the government accounted for 4.1% in 2021, which increased to 12.1% in 2022 (most targeted).
· The BFSI sector saw a 12.1% decrease in the number of attacks, but still remained the second most targeted sector. Banking and finance was the most targeted sector in 2021, responsible for 12.2% of the total attacks, and dropped to the second most targeted sector in 2022, responsible for 10% of the total attacks.
· Instances of selling/advertising various services and malware on underground forums increased by 27.95% in 2022. The percentage of attacks reporting underground threats increased slightly from 8% in 2021 to 9.6% in 2022.
· Attacks on the service sector increased by 5.14% but their contribution to the total percentage decreased from 9.7% to 8.4%.
· IT & technology, e-commerce, and media, entertainment & marketing industries saw a decline in the number of attacks but remained in the top 10 industries targeted.