Positive Technologies has analyzed the cyberthreats of Q2 2022: ransomware activity increased by 65% against the previous quarter, attacks on industry were up 53%, while the number of attacks on transport almost doubled. Cryptocurrencies and crypto investments also attracted more interest from cybercriminals.
The Q2 2022 threatscape study reveals that the number of attacks on industry rose by 53%. The industrial sector accounted for 13% of all attacks in Q2, an increase of 5 percentage points from the previous quarter. Analysts found that malware was employed in 76% of the attacks, with ransomware accounting for 61% of attacks. Most attacks led to operational disruption (53%) and leakage of confidential information (55%). Positive Technologies recommends using integrated industrial cybersecurity platforms to increase protection against cyberthreats.
The most high-profile incidents of Q2 in by the Conti ransomware group, German wind turbine manufacturer Deutsche Windtechnik halting operations because of Black Basta ransomware, and a major attack by the hacker group Gonjeshke Darande (Predatory Sparrow) on Iranian steel facilities.
The number of attacks on the transport sector increased by 82% compared to Q1, amounting to 5% of all cyberattacks in Q2. According to Positive Technologies, this increase is explained by the growing number of coordinated DDoS attacks and intensified ransomware operations. Cyberattacks were directed against workstations, servers, and network equipment (90%), as well as web resources (58%) and users (23%). Typical consequences included disruption of core business (87%), direct financial losses (26%), and leakage of confidential information (19%).
Cybercriminals targeted both companies and individuals. In 69% of attacks ordinary users suffered from leakage of confidential data, and in 31% of attacks they suffered financial losses.
Ransomware activity in Q2 increased by 65% against the previous quarter. "Almost a third of Q2 attacks involved ransomware," comments Fedor Chunizhekov, Information Security Analyst at Positive Technologies. "According to our data, several ransomware groups (such as Chaos, DeadBolt, eCh0raix, and Hive) switched to more advanced and effective versions of malware. In addition, gangs like these are finding new ways to pressure victims, such as corporate website defacement used by the Industrial Spy group, and even launching their own bug-bounty programs. Among cybercriminals, the scheme is being pioneered by the LockBit group, which announced a new version of its malware and the first ransomware bug bounty program."
The report also highlights an increased interest in cryptocurrencies and crypto investments among malicious actors. According to Positive Technologies, this is currently one of the hottest topics, and the number of attacks on blockchain projects and crypto exchanges continues to rise: H1 2022 saw 27% more such attacks than the whole of 2021. To make matters worse, cybercriminals are using ever more sophisticated methods to target cryptocurrency holders. Phishing websites are a popular tool, but in one especially inventive attack against owners of Trezor hardware cryptocurrency wallets attackers compromised a corporate email account and used it to send seemingly legitimate emails with malicious instructions to customers.
"Such incidents can negatively impact the company’s reputation and result in customer churn. So make sure to securely protect all your communication channels: emails, websites, applications, social media pages, and messaging apps," says Ekaterina Kilyusheva, Head of the Information Security Analytics Research Group at Positive Technologies. "In particular, companies are advised to protect access to all their customer-facing resources by implementing two-factor authentication."
According to the study, the most frequently attacked organizations in Q2 were government agencies (18% of cases), industrial companies (13%), and academic institutions (7%). Most organizations faced disruption of their core business (50%) and leakage of confidential information (40%).
In order to implement preventive security measures, organizations need to identify the events that would result in unacceptable consequences for their business and carefully verify the risk of such events occurring, for example by conducting cyberexercises.
The full version of this study is available on the Positive Technologies site.