CyberRes Report: Money and Politics Driving Cyberattacks
What puts you most at risk of a cyberattack? A key statistic to take away from a recent CyberRes Galaxy report is that one of three main factors could put you at greater risk:
- Be located in a wealthy country (especially the United States)
- Being located in an area facing geopolitical tensions
- Being cyber desperate – having a cybersecurity infrastructure that doesn’t match the importance of your data or operations (often these are government agencies)
In its first report, released earlier this year, CyberRes Galaxy provides an overview of the impact of cybercrime by geography that appears to highlight ongoing international tensions. The Five Eyes Nations, an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom and the United States, collectively experienced 57% of cyberattacks in 2021, with the United States accounting for more than 60% of incidents that hit the Five Eyes, or 35% of cyberattacks worldwide. The fourth most affected country in 2021 was Iran (about 5% of “cyber problems”), and the seventh was Israel (about 4%). China (eighth), Japan (tenth) and India (thirteenth) are also high on the list of the most affected countries.
“[I]In the Middle East region, growing tensions between Iran and Israel have been marked by numerous Advanced Persistent Threat (APT) activities by threat groups,” the report read. “Similarly, the ideological difference between China and the QUAD countries [Australia, India, Japan, and the United States]; the mega military technology transfer agreement (AUKUS) between Australia, the United States and the United Kingdom; and conflicts in the South China Sea have accelerated. . . cyber attacks….”
Moreover, cyberattackers are opportunists who favor low-hanging fruits. Government agencies, the report notes, are among the juiciest targets for threat actors because they are a treasure trove of confidential information, but typically have poorly funded and insufficiently defended cyber infrastructure.
“[T]this gives cybercriminals a tremendous opportunity to easily exploit flaws,” the report read.
And, indeed, 21.4% of cyberattacks in 2021 impacted the public sector; only the infrastructure services industry experienced more cyberattacks, at 33.7%. And although only 1.3% of cyberattacks in 2021 had an impact on the defense sector, this sector was in the top three of the most affected industries in Latin America, the Middle East and Africa, as well as in Australia and Oceania.
That said, according to the report, the media/entertainment sector and the education sector have also been heavily targeted by nation state actors for cyber espionage – while cyber attacks affecting the energy sector, many of which were highly publicized, “acted as a catalyst to further escalate geopolitical tensions.”
Greed Wins, Ransomware Rises
Yet threat actors are often capitalists at heart, and it shows in their work. According to the report, nearly 69% of cyber events in North America were motivated by financial gain, including most cyberattacks against the energy sector in the United States and more than 90% of cyberattacks suffered by the health in the United States. CyberRes Galaxy further reported that financial gain is one of the top two motivators for cyberattacks in both the Asia-Pacific region and the Middle East and Africa region, and is likely to be the largest. future motivation for threat actors deploying attacks in Oceania.
Ransomware seems to be the go-to form of attack for greedy people. Almost one in five cyber attacks in 2021 were some form of ransomware incident. The report also makes a number of references to the increasing proliferation of ransomware and “the growing motivation for financial gain”. For example, the report notes, China-based APT27 shifted its primary focus from cyber espionage and intelligence gathering to ransomware.
“The year 2021 was marked by a rapid increase in the activities of financially motivated threat actors,” the report reads, “leading to a large number of ransomware attacks worldwide.”
This is not surprising given ransomware’s reputation for ROI. In North America, for example, CyberRes Galaxy found that more than 60% of businesses targeted by ransomware “show an increased willingness to pay the ransom.” This finding comes as the FBI and other law enforcement agencies recommend against paying ransoms, to remove the perverse incentive for cyberattackers to adopt, continue or escalate ransomware campaigns. No wonder CyberRes Galaxy reports that ransomware is the most common attack method in North America.
The report also noted that other developments in 2021 have opened up opportunities for new ransomware deployments, including “ransomware-as-a-service” tools and findings of major zero-day vulnerabilities such as Log4Shell.
The evidence of cyberattackers’ greed goes beyond the ransomware itself. This appears where attacks occur. Most cyberattacks in 2021 targeted rich countries. Critical infrastructures – the entities most at stake in the event of a data or system compromise – remain a popular target for those looking to make a quick buck from those at their mercy. And, globally, the third most victimized sector of cyberattacks in 2021 (after infrastructure services and the public sector) was the financial sector, which bore the burden of almost 12% of cyberattacks. In particular, CyberRes found that, from the perspective of cyberattacks, finance was the third most affected sector in 2021 in Europe, the second in Asia and the most affected sector in Australia and Oceania.
“The increase in the number of financially motivated malicious actors has had a direct impact on this sector,” the report reads, “given the high value and sensitivity of the data that financial institutions store (such as credit card details, social security numbers, account IDs, etc.).”
The best emerging opportunity for threat actors in this space appears to come not from traditional banks but from digital disruptors, in particular, as the report notes, due to the increased demand and deployment of digital payment methods integrated into following the COVID-19 pandemic. . As a result, CyberRes Galaxy considers recent cyberattacks in the digital payment space to be “numerous”.
“Many emerging economies with low levels of bank account ownership have replaced the tradition of cash and cards with smartphones for financial transactions, due to high levels of mobile phone and internet penetration worldwide, in particularly in the Asia-Pacific region,” it read. The report. “The growing sphere of the digital payments landscape around the world has prompted many sophisticated cybercriminals to further exploit the financial industry.”
Naturally, these holdings often highlight cryptocurrency and blockchain technologies, not the panacea they were once hailed as. CyberRes Galaxy expects the trend to continue, especially in North America, citing recent hacks on cryptocurrency trading platforms.
“As cryptocurrencies become more popular and numerous, they will also be more targeted,” reads the report. “Blockchain is often praised for being secure and tamper-proof, but recent events prove otherwise.”
While CyberRes Galaxy warns that these attacks are an emerging concern in the Middle East, governments there appear to have dealt with the threat more proactively than North America. The report mentions emerging regulations in the space, including, for example, Dubai’s regulatory framework for investment tokens.
Other regions are also taking proactive steps to secure digital payments. For example, the report highlights an agreement between India and Singapore last year to link their respective digital payment systems, which appears to improve the speed and security of cross-border financial transactions. The report also highlights collaboration among member states of the Association of Southeast Asian Nations (ASEAN), repeatedly praising their collaborative cybersecurity efforts as “promoting[ing] strong international ties to safeguard the digital economy” and “take the necessary steps to prevent threat groups from carrying out large-scale cyberattacks in the [Asia-Pacific] Region.”
To this end, throughout its report, CyberRes Galaxy advocates for cross-industry and cross-border cooperation, in the hope that blue teams everywhere could share intelligence, best practices and duplicative regulatory measures and mutually reinforcing to keep bad actors at bay. the Bay.
“[T]Dangerous groups are adopting advanced technologies and some are even changing their primary focus,” the report read. “The rest of the international community must work together in technology transfer and intelligence sharing through multilateral collaboration to mitigate the risks posed. by cyberattacks.