Cyber extortion dominates landscape as 40% is malware

Orange Cyberdefense, the specialist arm of Orange Group dedicated to cybersecurity, has today launched its annual security research report, the Security Navigator 2023, available from 1st December. Amongst other things, this year’s in-depth analysis examined 99,506 potential incidents that were investigated and triaged by our CyberSOC teams, an increase of 5% from the 2022 report. While this year’s report shows encouraging signs that the pace of incidents is slowing, several factors are still a cause for global concern.

This year’s report suggests that cyberbattles are being won in some areas. However, a plethora of challenges remain.

For example, our data shows that businesses are still taking 215 days to patch a reported vulnerability. Even for critical vulnerabilities, it generally takes more than 6 months to patch. Indeed, our ethical hacking teams report a ‘Serious’ (Critical or High) issue in almost 50% of all the tests they conduct.

We are seeing Cyber Extortion impact businesses of all sizes across the world. 82% of observed Cy-X victims were small businesses, an increase from the 78% we measured last year.

While some of our teams observed a marked slow-down in cybercrime during the onset of the Ukraine war, the intensity soon increased again. We see significant increases in Cyber Extortion also: over the last six months, for example, the number of Cy-X victims in East Asia and South East Asia grew by 30% and 33% respectively.

Cyber-extortion remains the dominant form of attack but victim location is clearly shifting from North America towards Europe, Asia and emerging markets

Ransomware and cyber extortion attacks continue to prove a major threat to organizations globally, and as such featured regularly in Orange Cyberdefense’s World Watch threat advisories throughout the year. Notable spikes in news about ransomware occurred in March and April, resulting from Lapsus$ activity and Conti leak events, as well as concerns about the war on Ukraine.

Simultaneously, 40% of the incidents processed by our CyberSOCs involved Malware.

There is also a clear and visible geographical shift occurring, illustrated by Cy-X victim volumes decreasing by 8% in North America and 32% in Canada, but increasing in Europe, Asia and emerging markets. From 2021 to 2022 victim volumes increased in the European Union by 18%, in the UK by 21%, and by 138% in the Nordics. East Asia saw an increase of 44% and Latin America 21%.

We also observe dramatic shifts in the makeup of active criminal groups. From the top 20 actors observed in 2021, 14 are no longer in the top 20 in 2022. After Conti disbanded in Q2 2022, we observed Lockbit2 and Lockbit3 become the biggest Cyber Extortion actors in 2022 with over 900 victims combined.

We also note that these actors strike opportunistically. Almost 90% of all the actors we tracked claimed victims in the USA for example. More than 50% hit the UK. More than 20% of actors even hit Japan – a country with one of the smallest numbers of observed victims in our dataset.

CT Bureau