Darktrace reported that the IT and communications sector was the most targeted industry by cyber criminals in the world in 2021.

Darktrace’s data is developed through “leading indicator analysis” which examines the breadcrumbs of potential cyberattacks in stages before they are attributed to a particular actor and before they escalate into a full blown crisis. The results show that its artificial intelligence autonomously interrupted an average of 150,000 threats against the sector per week in 2021.

The IT and communications industry includes telecommunications providers, software developers and managed security service providers, among others. There was also a growing trend for hackers to target Backup server in an attempt to intentionally disable or corrupt backup files by deleting a single index file that would make all backups inaccessible. Attackers could then launch ransomware attacks against the backup provider’s clients, prevent recovery and force payments.

In 2020, the finance and insurance sector was the worst hit industry, showing that cyber criminals have shifted their focus in the past 12 months.

“In the last 12 months it has been clear that attackers are tirelessly trying to access the networks of trustworthy providers in the IT and communications sector. Quite simply, there is a better return on investment than pursuing a company in the financial services sector, for example. SolarWinds and Kaseya are just two well-known and current examples of this. Unfortunately there will likely be more in the near future, ”commented Justin Fier, Dark trail Director of Cyber ​​Intelligence and Analysis.

The results of this research mark a year since the US software company’s compromise SolarWinds shook the security industry. This groundbreaking supply chain attack left thousands of companies vulnerable to infiltration by locking malicious code into the Orion system. Over the past 12 months there has been a sustained flurry of attacks across the IT and communications sectors, including the high profile attacks on Kaseya and Gitlab.

The most common break-in attempts

Threat actors often use software and developer platforms as entry points into other high value targets, including governments and agencies, large businesses, and critical infrastructures. The most common break-in method attempted was via email, with industry organizations receiving an average of 600 unique phishing campaigns per month in 2021.

Contrary to popular belief, the emails sent to these organizations did not contain a malicious payload hidden in a link or attachment. Instead, cybercriminals used subtle and sophisticated techniques to send “clean email” containing only text in order to trick recipients into replying and revealing sensitive information. This method is effective because by compromising these email accounts, hackers can exploit the trusted relationship between the software vendor and the intended destinations.

These methods easily bypass legacy Security tools who rely on comparing links and attachments with block lists and signatures. AI can prevent these emails from reaching employee inboxes by detecting the full range of anomalies, including the most subtle indicators.

“The reality is that attackers are patient and creative. They usually go right through your doorstep compromising trusted suppliers in the IT and communications industries. For downstream customers it appears as usual and is just another application or piece of hardware from a trustworthy provider, ”continues Fier.

“There is no magic solution to finding attacks on your software vendors, so the real challenge for companies will be to accept this risk. Getting a feel for what is normal for the software you trust is of paramount importance. AI is perfect for this job; Recognizing the subtle changes that compromised software brings with it will be the key to combating this problem in the future. “

Source link
#Cyber #criminals #shifting #focus #sector #hardest #hit #Net #Security

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.