Manufacturing: Most Targeted Industry in Cyber Extortion Tactics

According to one cybersecurity company, 2023 was a record-breaking year for cyber extortion tactics. On November 30, 2023, the cybersecurity division of the French internet service provider (ISP) debuted its Security Navigator 2024. The cybersecurity company’s annual threat landscape report revealed that cyber extortion, the term for the compromise of some assets from companies’ networks for ransom and ransomware, was the top threat global companies faced in 2023. Even though this was the case in 2022, the cybersecurity company saw a 46% increase in cyber extortion, which was unprecedented. The manufacturing sector was the most targeted, accounting for 20% of all cyber extortion tactics (42% increase compared to 2022 estimates) and over 17% more than professional, scientific, and technical service (52% increase), the second-place industry. The cybersecurity company observed a modest variation in the geographical breakdown of cyber extortion victims. Accounting for the biggest number of victims are the large, English-speaking economies with the United States accounting for over 53% of all victims, followed by the United Kingdom at 6% and Canada at 5%. The cybersecurity company’s researchers are beginning to see a lateralization of the geographic distribution, as evidenced by considerable year-on-year increases in victims in India (97% increase), Oceania (73% increase), and Africa (70% increase).

The cybersecurity company observed 129,395 cyberattacks in 2023, a 30% increase from 2022. There were 25,076 verified cyber incidents, a 14% decrease from 2022. According to a senior researcher at the cybersecurity company, the decline is primarily attributable to their clients’ efficiency in dealing with the incidents. Following the same pattern as in previous years, the manufacturing sector was the largest contributor, accounting for 32.43% of all confirmed incidents. The other two are the retail industry (21.73%) and professional, scientific, and technological services (9.84%), which accounted for more than two-thirds of confirmed incidents by the cybersecurity company in 2023. In 2023, large companies (250 – 10,000+ employees) were affected by cyber incidents, accounting for 40% of all cyberattacks, followed by small companies (25%) employing 1 to 49 people.

Aside from the dominance of cyber extortion, one of the significant findings from the report was the increased blurring of the lines between nation-state actors, cyber threat operators, and cybercriminals. Even though financially driven threat actors continue to dominate, with LockBit 3.0, Clop, ALPHV/BlackCat, Paly and Royal ransomware groups accounting for 57% of detected cyberattacks, threat-acting groups are forming faster than ever. In the last two years, evidence reveals an increase in activities within the threat operators’ space to support political causes or social nature, including the Russian war against Ukraine, with Ukraine, Poland, and Sweden the most impacted by the pro-Russian threat operators being tracked. One threat operating group, Anonymous Sudan, emerged last year. Even though the group is new, they’ve been vocal in their response to several events, conducting attacks against several countries, including Sweden and Denmark. The cybersecurity company identified the group as the second most active “pro-Russian breaching group” behind NoName.

Here’s what the cybersecurity company’s technology and marketing VP predicts in 2024.

1. The Evolution of AI – improved AI algorithms, enabled by higher storage and computing capacities, can enhance both protection and threat operators’ capabilities.
2. The Laws and Regulations – Globally, new regulations (including SEC rules, in the United States, and the NIS2 directive in the European Union) will impact cybersecurity practices, and sanctions and charges will raise cybersecurity in boardrooms.
3. Consolidating Suppliers – Multi-vendor composable modules or single-vendor platforms will become more prominent.
4. Preparing for Quantum Threats – To defend against quantum cyberattacks, a hybrid approach is advised.

With more industries being targeted for cyber extortion tactics in a record-breaking year in 2023 and more being predicted in 2024, companies need to remain vigilant of the latest threat landscape and regularly update their networks’ security infrastructure. At SpearTip, we offer two types of tabletop exercises: Executive and Technical. Executive tabletop exercises are custom-designed to strengthen the collaboration among business leaders and promote a common understanding of how leadership teams respond to an incident. Technical tabletop exercises are designed to review current IR policies and procedures by engaging with companies in specific scenarios that test their analytical and remediation capabilities in the event of an incident. All tabletops are based on threat actors’ most current tactics, techniques, and procedures and perceived gaps in their current IR plan. Following the exercise, we identify key findings, opportunities for improvement, and remediation steps to strengthen their ongoing security posture. Our firewall review allows our engineers to analyze the configurations and interactions of companies’ network infrastructure with the precision of a skilled penetration tester. SpearTip seeks to discover vulnerabilities in firewall systems and enables companies to dedicate their resources to evaluate and prioritize fixes. This will provide visibility of actual network gaps, including existing false negatives. SpearTip provides clear remediation steps for all uncovered weaknesses to ensure a strengthened security posture.

If your company is experiencing a breach, call our Security Operations Center at 833.997.7327 to speak directly with an engineer.