Positive Technologies experts have analysed the 2019 cybersecurity threat landscape. The analysis shows that the percentage of targeted attacks is much greater than that of mass attacks, and that the top target sectors were government, industry, healthcare, science and education, and finance.
According to the study, the number of unique cyberattacks increased by 19 percent, and the percentage of targeted attacks increased by 5 percentage points compared to 2018, now standing at 60 percent. Positive Technologies’ experts noted that the number of attacks increased every quarter. In Q1, 47 percent of attacks were targeted. At year-end, this figure had grown to 67 percent.
"The increase in targeted attacks is due to several reasons," says Alexey Novikov, Director of PT Expert Security Center. "Every year we see new groups of attackers specialising in advanced persistent threats. During 2019, the Positive Technologies Expert Security Center (PT ESC) tracked APT attacks by 27 groups, ranging from well-known groups, such as Cobalt, Silence, and APT28, to relatively unknown newcomers. Companies are paying closer attention to cybersecurity, implementing and using special security tools (such as anti-APT solutions) to detect and prevent complex attacks. This makes it easier to detect malicious activity more accurately and significantly reduces dwell time. Because of this, information on individual incidents and particular tactics and tools used by different APT groups becomes public knowledge and can be used as intelligence to bolster countermeasures¹."
Experts believe that companies should shift their attention from prevention of attacks in the perimeter, to timely detection and response inside the network, regularly checking any previous attacks. Considering the increase of targeted attacks, threat actors are constantly evolving their tactics, and malware is becoming more complex. Bearing this is mind, PT experts predict that in the next few years security will be centered around constant monitoring of security incidents, advanced network traffic analysis, and retrospective network events analysis.
Top target sectors were government, industrial, healthcare, science and education, and finance. Industrial companies accounted for 10 percent of attack targets, compared to 4 percent in 2018.
There were significant changes in attacker motivations for attacks on individuals: PT’s 2019 cybersecurity threatscape report shows that data theft was the goal of more than half of all attacks, compared to 2018, which was only 30 percent. Information theft was the biggest driver for attacks, both on individuals (57%) and organisations (60%). In 2019, attackers were especially interested in personal data, credentials, and payment card numbers.
Analysis shows that ransomware is one of the biggest threats to companies worldwide. In 2019, ransomware accounted for 31 percent of all infections, and the average ransom paid in 2019 was hundreds of thousands of dollars. Towards the end of the year in 2019, Positive Technologies’ experts noticed a new trend. If the ransomware victim refused to pay the ransom, the malware operators started threatening to disclose the data they had copied before encrypting. At the end of 2019, such attacks were carried out by hackers operating Maze and Sodinokibi ransomware. It was a lucrative business for criminals who were motivated by financial gain. PT expects a new wave of ransomware attacks in 2020, where hackers will hold victim data hostage and disclose information of those who refuse to pay.
- In 2019, PT ESC experts had the first opportunity for detailed review and analysis of the Calypso APT group, which attacked government entities in Brazil, India, Kazakhstan, Russia, Thailand, and Turkey.