Cyber-extortion victims surge 46% globally

Orange Cyberdefense, the cybersecurity branch of Orange, will publish tomorrow at 10:00 a.m. CET its annual security research report, “Security Navigator 2024”. The report, which brings together, cross-references and analyzes data from various sources*, paints a vast and complex picture of the world of cybersecurity this year, amplified by technological, geopolitical, economic and social factors. In a context of increasing instability and unpredictability, it is essential for organizations to reduce their exposure to risk through understanding the threat landscape and its potential impacts.

Security Navigator 2024 reveals that threat detection teams processed 30% more events over the period, for a total of 129,395, including 25,076 (19%) confirmed incidents. The “Hacking” category remains predominant, with almost a third of confirmed incidents (30.32%), followed by the “Misuse” category (16.61%) and “Malware”, in 3rd position (12.98%).

Despite a higher incident volume, the actual number of security incidents confirmed by our teams to the customers we support decreased by 14% year-over-year. The Manufacturing Industry sector (32.43%) is by far the most affected in terms of confirmed incidents, in line with trends in past years. Retail and Commercial (21.73%) and Professional, Scientific and Technological Services (9.84%) round out the Top 3, which alone accounts for more than two-thirds of the confirmed incidents we report to our clients.

In addition to the lure of profit, more and more malicious actors are motivated by political or ideological causes, combining espionage, sabotage, disinformation and extortion techniques in their attacks. This year’s record increase in the number of victims of cyber-extortion (ransomware) is global and is accompanied by a considerable increase in hacktivism, linked to the war against Ukraine. Current geopolitical events have also politicized some cyber extortion actors.

Record number of cyber-extortion victims recorded in 2023
The threat landscape of cyber-extortion, a mode of action consisting of extorting money from a victim through cyber action (data encryption, disclosure of confidential data, access blocking, etc.) continues to evolve rapidly. Over the past 12 months, there has been a record global increase of 46% in cyber extortion victims. Large companies suffered the majority of attacks (40%), with a steady increase for those employing more than 10,000 people. This trend has been exacerbated by the threat actor Cl0p, which exploited two major vulnerabilities in 2023. Small businesses account for a quarter (25%) of victims and are closely followed by mid-sized businesses at 23%.

Large English-speaking economies continue to record the highest number of victims. More than half of them (53%) are headquartered in the United States, the United Kingdom (2nd, 6%) and Canada (3rd, 5%). However, we are gradually seeing a lateralization of the geographical distribution, illustrated by considerable increases in the number of victims in India (+97%), Oceania (+73%) and Africa (+70%) from one year to the next.

In 2023, 25 cyber extortion groups disappeared, 23 groups survived from one year to the next, and 31 new groups emerged. Among existing cyber extortion groups, more than half (54%) survived 6 months or less, 21% survived 7-12 months, and 10% survived 13-18 months. This observation is a reminder of the difficulties faced by those trying to combat cyber-extortion actors.

Combination of fields of confrontation: hacktivism, mode of action of current conflicts.
Over the past two years, we have seen an increase in activity in the sphere of hacktivism, used to defend causes of a political or social nature. Attacks by hacktivist groups working alongside Russia or Ukraine have reached record levels. Ukraine, Poland and Sweden have been the countries most affected by the pro-Russian hacktivists we monitor. This upward trend is exacerbated by other geopolitical events causing the emergence of new groups, particularly in view of the current situation in the Middle East.

Europe suffered 85% of hacktivist attacks in 2023, followed by North America (7%) and the Middle East (3%). We find that most of the countries experiencing large-scale attacks are geographically close to the war against Ukraine.

Our research has revealed a phenomenon of continued evolution towards “cognitive” attacks, which seek to shape perceptions. The disruptions caused (by the attack itself or the value of the data or systems affected) are ultimately less important than the repercussions of these attacks on societal perception. More generally, we observe physical events sparking a direct cyber response from malicious actors, and leading to an escalation of the geopolitical tensions in question.

Most hacktivism attacks observed are distributed denial of service (DDoS). Some hacktivist groups have developed strong DDoS skills, while others highlight their capabilities and impact, employing language and narrative disproportionate to their concrete actions (and repercussions).

The “Hacking” category still ranks at the top, with almost a third of incidents detected in our CyberSOCs.

Based on the VERIS framework, “Hacking” malicious action remains the most detected type of security incident, since it represents almost a third of confirmed incidents, or 30.32%. This represents a significant increase from 25% last year. The “Malware” category has always been one of the two most detected types of true positive incidents. However, it finds itself in 3rd position this year, with 12.98%. The “Misuse” category is the 2nd most frequently detected malicious action with 16.61%, a figure in line with last year. Incidents in the “System Error” category (7.33%) once again occupy 4th position and Social Engineering (7.15%) completes the top 5. The data indicates that 37.45% of incidents detected in organizations come from internal actors, although the majority of them are due to external actors (43.6%). The assets most affected by these incidents were end-user devices (27.7%), followed by servers (27.34%).

The qualification level of cyber threats on the rise
We also demonstrate that while the quantity of incidents reported to our customers has decreased proportionally over the years, their qualification level has increased. This observation is verified through the number of “unknown events” which goes from 15.33% for customers integrated for 1 to 10 months to only 4.10% for customers integrated for 41 to 50 months. We believe this results from fine-tuning detection, more rigorous analysis, and other service improvements. Furthermore, the more our customers become mature within the service, the more they are able to act on the events we report and refine their process to provide us with feedback. The quality of the feedback allows us to make a precise adjustment and improve the efficiency of detection, cycle after cycle.

A trusted partnership for the development and implementation of cybersecurity strategies adapted to the needs of organizations
“This year, the report highlights the unpredictable environment we face as evidenced by the unprecedented activity of our teams which are facing an increase in the number of incidents detected (+30% from one year to the next). Concerning the targets, if we see an increase in the number of large companies affected by cyber-extortion (40%), small and medium-sized businesses still represent almost half of the victims (48%),” declared Hugues Foulon, CEO of Orange Cyberdefense.

CT Bureau


Copyright © 2024 Communications Today
