Technology was the most attacked industry by cybercriminals in 2019 accounting for 25% of all attacks, compared to 17% last year.
The sector was previously the second most attacked industry in 2017 and 2018 but 2019 has seen significant increases in application-specific and DoS/DDoS attacks, along with weaponisation of IoT attacks contributed to technology becoming the most attacked industry, according to NTT’s Global Threat Intelligence Report.
Matthew Gyde, President and CEO of the Security Division at NTT Ltd, said the technology sector experienced a 70% increase in overall attack volume.
“Weaponisation of IoT attacks also contributed to the rise and, while no single botnet dominated activity, we saw significant volumes of both Mirai and IoTroop activity,” he said.
Botnets such as Mirai, IoTroop and Echobot have advanced in automation, improving propagation capabilities while Mirai and IoTroop are also known for spreading through IoT attacks, then propagating through scanning and subsequent infection from identified hosts.
The report said that nearly 55% of all attacks were made by application-specific attacks (33%) and web-application attacks (22%).
Of all attacks targeting technology, he said that over 15% of the targeted vulnerabilities allowing remote code execution (RCE).
The government was in the second position, driven largely by geopolitical activity accounting for 16% of threat activity, and finance was third with 15% of all activity. Business and professional services (12%) and education (9%) completed the top five.
Gyde said that attacks on government organisations nearly doubled, including big jumps in both reconnaissance activity and application-specific attacks, driven by threat actors taking advantage of the increase in online local and regional services delivered to citizens.
Unfortunately, he said that those same internet-enabled applications have provided additional opportunities to attackers.
Moreover, he said that attack volumes increased across every industry from 2018 to 2019.
“Along with application attacks, regional and local governments have experienced significant impacts from denial of service and ransomware attacks. These attacks can be difficult to hide from customers, and smaller government offices often do not have the resources available to deal with significant outages. The automation and commoditisation of these attacks appeared to have a direct effect on government organisations,” he said.
The report showed that the technology industry had the highest rate of detected ransomware. NTT researchers found 9% of all threat detections were ransomware; no other industry showed detections for this malware category above 4%.
WannaCry ransomware was the most commonly detected variant, accounting for 88% of all ransomware detections while 23% of detected malware belonged to the RAT malware family.
The presence of these RATs suggests threat actors are seeking to gain access to organizations in the technology industry to maintain persistence and exfiltrate sensitive information over prolonged periods, just as they have done historically, the report showed.
Bad guys automate their attacks
While targeted industries varied by country, the most commonly attacked industries in EMEA, according to the report were finance, business and professional services, technology, manufacturing, and retail.
Despite efforts by organisations to layer up their cyber defences, Gyde said that attackers are continuing to innovate faster than ever before and automate their attacks by leveraging artificial intelligence and machine learning.
Referencing the current Covid-19 pandemic, the report highlights the challenges that businesses face as cybercriminals look to gain from the global crisis and the importance of secure-by-design and cyber-resilience.
For organisations that are relying more on their web presence during Covid-19, such as customer portals, retail sites, and supported web applications, they risk exposing themselves through systems and applications that cybercriminals are already targeting heavily.
Gyde said that the current global crisis has shown us that cybercriminals will always take advantage of any situation and organisations must be ready for anything.
“We are already seeing an increased number of ransomware attacks on healthcare organisations and we expect this to get worse before it gets better. Now more than ever, it’s critical to pay attention to the security that enables your business; making sure you are cyber-resilient and maximizing the effectiveness of secure-by-design initiatives,” he said.