2023 was a busy year in cybersecurity and by reflecting on the cyberattacks that happened last year, we can gain invaluable insights into potential patterns and trends that might become the new blueprint of cyberthreats in the upcoming years. With high-profile and state-sponsored ransomware attacks dominating headlines this year, we want to take a look at how they affected different industries.
The rapid advancement of technology and generative AI has empowered businesses as well as cybercriminals, which has become a major concern for organizations worldwide. The result is an escalating number of security breaches, with certain industry sectors being inherently more susceptible to cyberattacks than others.
As of 2023, the global average cost incurred per data breach amounted to 4.45 million U.S. dollars, witnessing a surge from 4.35 million U.S. dollars in 2022 and thereby continuing the trend of previous years. Notably, the healthcare industry bore the highest average cost of a data breach. Understanding these potential threats becomes imperative for organizations, given the staggering impact of cybercrime on the global economy. According to Statista, by 2026, annual cybercrime expenses worldwide could surpass $20 trillion, indicating a mammoth 150 percent increase from what we are seeing today.
But the highest price to pay for any company is bankruptcy. After nearly twenty years of operation, the Danish cloud hosting provider CloudNordic closed this year due to a devastating ransomware attack in August 2023 that erased its systems and destroyed all its customers’ data. Lacking the funds and refusing the idea of paying the hackers, the company was left with no alternative and ultimately shut down.
With such tragedies happening, businesses must invest resources in the handling of growing customer data and in robust cybersecurity measures to keep this sensitive data secure. Despite only a marginal increase in the frequency of attacks, attackers have orchestrated sophisticated campaigns by weaponizing legitimate tools for criminal purposes. Recent instances include leveraging AI models like ChatGPT for code generation, Trojanizing software like the 3CXDesktop app for supply chain attacks, and exploiting critical vulnerabilities such as the unauthorized RCE vulnerability in the “Microsoft Message Queuing” service (MSMQ).
Complacency is not an option and Chief Information Security Officers (CISOs) must prioritize the development and execution of a security strategy that eradicates blind spots and vulnerabilities across their entire digital infrastructure. This includes mitigating risks arising from shadow IT development environments, remote access vulnerabilities, or potential email vectors that could be exploited for breaches.
Statistics from the first quarter of 2023 reveal a 7% surge in global average weekly attacks compared to the corresponding period in the previous year, with each organization facing an average of 1,248 attacks per week.
During this period, the Education and Research sector endured the highest number of attacks, averaging 2,507 attacks per organization per week, a 15% increase from Q1 2022. Meanwhile, the Government/Military and Healthcare sectors encountered 1,725 and 1,684 attacks per week, respectively, showing a persistent cyberthreat trend for these vital government sectors.
Despite ongoing challenges, institutions within the Education and Research sector continue to grapple with securing extended networks and access points, especially during the transition to remote learning—an issue that continues to weigh heavily on the sector's cybersecurity posture.
By now this sounds like a tale as old as time: hackers are specifically targeting hospitals and medical facilities, causing chaos by locking down their systems with ransomware. This not only disrupts their ability to provide critical care but also puts sensitive patient data at risk. Although the number of attacks on hospitals hit its peak in 2021, the past three years have seen a rise in data breaches caused by ransomware. These breaches involve stolen data, making the situation even more dire for organizations struggling to keep their systems running.
When these attacks happen, it's not just about fixing the systems; it's also about dealing with the fallout. Medical staff have to keep working without their usual tools, causing disruption in patient care. Fixing these issues without reliable backups takes a lot of time and resources, in a sector that is already lacking resources to begin with.
In addition to ransomware attacks, there's also a common human error called "Misdelivery." This happens when sensitive information meant for one person ends up in the hands of someone else entirely. Picture a scenario where a private health record meant for a specific patient gets sent to the wrong recipient. It could be a wrongly spelled email address or even a physical mail error where too much personal information is visible through an envelope's window. Whether it's accidental data leaks or information sent to the wrong hands, these errors are causing serious problems.
Now, employees can also pose a threat. While they might not be among the top three issues anymore, their misuse of privileges and snooping around out of curiosity are still causing security threats. Sometimes, multiple employees team up to cause breaches, which can be a real headache for the healthcare industry. To prevent these situations, healthcare organizations need to pay close attention to potential threats and unusual data access patterns to keep their systems and patients’ information safe and secure.
In February 2023, the hacker group Anonymous Sudan targeted nine Danish hospital websites, causing them to go offline. Prior to this, the group had launched similar attacks on Danish and Swedish airports. As a result of this attack, website services in the Capital Region of Copenhagen experienced a four-hour outage.
Despite its name, Anonymous Sudan is not affiliated with the long-standing group known as Anonymous. Their primary method involves DDoS attacks, which flood an organization’s website or web infrastructure with an overwhelming volume of malicious traffic. This traffic can cause a website to shut down, preventing legitimate users from accessing it.
While the group later claimed their attacks were a response to Quran burnings in Denmark and Sweden, reports from cybersecurity firm TrueSec suggest strong connections to the Russian government. During Q2 of 2023, the group collaborated with the pro-Russian hacker group Killnet on further attacks.
In contrast to many other attack groups, research indicates that Anonymous Sudan does not use a botnet of infected personal and IoT devices for their assaults. Instead, they have employed a cluster of rented servers—capable of generating higher traffic than personal devices—to execute their attacks. The financial capacity to rent these servers raises doubts among some researchers, who question whether the group truly represents the grassroots hacktivists they claim to be.
The financial industry is like a jackpot for cybercriminals. Banks don’t just have a lot of cash but also handle and have access to sensitive customer information. Cybercriminals have a variety of tricks to mess with banks and other financial institutions, like phishing, ransomware, and sneaky social engineering scams.
And as everything related to money becomes more and more digital, it has opened up new ways in for these hackers. Mobile banking and digital payments are all new attack surfaces and increase the risk of trouble. From malware for mobile devices to hijacked online accounts and fake transactions, the list of possibilities is long.
Cybersecurity within the financial sector needs to be as serious as some of its representatives look: multi-factor authentication, regular software and security updates, and frequent employee training are essential and standard.
But why work hard when very little effort sometimes brings you far? One would be surprised how many times hackers just brute-force their way into a network or use passwords they acquired from other data breaches. These simple attacks are actually pretty successful for the bad guys. The not-so-complex Basic Web Application Attacks pattern seems to be working fine for cybercriminals, since it is what is seen most in this industry.
Other attack patterns involve Misdelivery, where data gets sent to the wrong person—whether this is a letter or an email flying off to the wrong inbox.
Interestingly, ransomware isn't as hot a choice for finance these days and System Intrusion has dropped from 27% to 14% in 2023. Maybe that is because hackers have to roll up their sleeves and really work for it, while other, simpler attacks seem to have a better cost-benefit ratio. Regardless, ransomware attacks remain a headache.
A data breach revealed at the beginning of July 2023 at several financial services providers turned out to be larger than previously thought. Besides Deutsche Bank and Postbank, which had already acknowledged unauthorized access to sensitive customer data, additional financial institutions were affected as well: both ING and Comdirect, which belongs to Commerzbank, collaborated with the service provider Kontowechsel24.de.
The company Majorel, which includes Kontowechsel24.de, cited a security vulnerability in the MOVEit software as the cause of the data breach. While the exact number of affected customers couldn’t be specified, it was stated that the stolen data consisted of customer names and international bank account information.
It remains unclear who was responsible for the data breach.
As production becomes more technology-heavy and connected, manufacturers become highly interesting targets for cyberattacks. Manufacturing companies face all sorts of dangers, like supply chain hits, espionage of intellectual property, and the classic: ransomware attacks. However, about 67% of incidents in this sector are Denial of Service attacks, a pattern that has been on the rise for a while.
Hackers can hold whole supply chains hostage by sneaking into their systems, or steal intellectual property to use for their own gain or simply resell.
Ransomware attacks are on the rise, as they can be disruptive to whole production lines, and even hit the supply chains. This headache can cost these companies huge revenues and moreover their good reputation.
Cybercriminals know the importance of manufacturing and that our daily life depends on certain supply chains. They see a huge opportunity to make money by exploiting this sector. Therefore, financially motivated external actors are still the biggest issue for this industry.
To sum it up: When we zoom in on the Manufacturing world, it's clear hacking and malware are the big players. Social attacks are in the game, too. Ransomware, which causes a lot of chaos in system breaches, keeps slowly creeping up in this industry.
In October 2023, Röhr+ Stolberg, Germany's leading manufacturer of lead sheet and lead wool, fell victim to a ransomware attack, as stated by the company. The incident caused significant disruptions in their operations and made communication with customers and suppliers more challenging as all servers had to be shut down.
The company communicated on October 30, 2023, that all servers were successfully restarted after a week, ensuring communication through secure channels such as phone and other devices that were not connected to the affected network parts.
Röhr+ Stolberg did not rule out the possibility that cybercriminals may have stolen the company's data. However, the incident and its aftermath caused a severe disruption in their business flow.
The government is a real treasure chest for all kinds of sensitive information. So, it’s no surprise that in this sector espionage-driven attacks are consistently among the highest. Whether it is external actors, internal actors or both working together to steal data, attacks are often carried out by nation-states or state-sponsored groups.
Insider threats, whether intentional or accidental, such as a government employee accidentally emailing sensitive information to the wrong recipient, are also a big concern for the public sector. Don’t underestimate the role of social engineering attacks, such as phishing or spear-phishing attacks, as government employees face a significant amount of these attacks as well.
What's even worse? Sometimes, these hackers might team up with unhappy insiders. The good news is that these internal threat actors peaked in 2019 and have decreased slightly since then. But catching these espionage insiders early can save a lot of trouble.
Ransomware used in the System Intrusion pattern remains one of the top methods for cybercriminals to be disruptive and make money. However, the data suggest that it might be less favored, given its slight decrease.
When looking at the educational sector, there's been a shift in the top three patterns. The usual mess-ups, like sending information to the wrong place and other errors, have slightly increased. Social engineering increased from 14% (2022) to 21% (2023), especially phishing, which showed up in 18% of breaches. Hacking and malware are big players, shown in 80% of all breaches, with ransomware making up nearly a third of all breaches in this sector.
What stays the same for the educational sector is that financially motivated external actors as well as spying nation-states are the most interested threat actors, and personal data remains the most often stolen data type.
In August 2023, students and staff at five schools in South Denmark had sensitive personal information leaked following an extensive hacking attack by the group Rhysida. The attack occurred after a student connected an infected computer to the school network on August 27th.
The incident was discovered on August 31st, when hackers had encrypted the network and school staff could no longer access it. On September 22nd it was announced that the hacker group had accessed large amounts of data, including CPR numbers (Danish personal identification numbers) and phone numbers, some of them belonging to minors.
According to some experts, the attack was one of the most serious cases in Denmark. The hackers were demanding a ransom of 5 bitcoins, equivalent to 1 million DKK.
The Development Department at Muninn is where innovation meets cybersecurity. Our diverse team of software engineers and network specialists works diligently to keep our customers’ networks and digital assets safe. Curiosity and continuous improvement are our mantra, as we believe that it’s people who drive innovation.