Most targeted industry shifts away from finance and insurance in 2020
CAMBRIDGE, England, December 13, 2021 / PRNewswire / – Darktrace, a global leader in cybersecurity AI, today announced the information and communications technology (IT) and communications industry as the most targeted industry globally in 2021, as the ‘Darktrace security researchers discovered.
Darktrace’s data is developed through an ‘early indicator analysis’ that examines the breadcrumbs of potential cyber attacks at multiple stages before they are attributed to a particular actor and before they escalate into a crisis at full fledged. Darktrace’s findings show that its artificial intelligence autonomously interrupted an average of 150,000 threats per week against the industry in 2021.
The computer and communications industry includes, among others, telecommunications providers, software developers and managed security service providers. Darktrace also advocates for several backup providers and has observed a growing tendency for hackers to target backup servers with the aim of deliberately deactivating or corrupting backup files by deleting a single index file which would make all backups inaccessible. Attackers could then launch ransomware attacks against the customers of the backup provider, preventing recovery and forcing payment.
In 2020, the industry most attacked among Darktrace’s global customer base was the finance and insurance industry, showing that cybercriminals have shifted their focus in the past 12 months.
“Over the past 12 months, it is clear that attackers have been relentlessly trying to gain access to the networks of trusted providers in the computing and communications industry. It is simply a better return on your investment than, for example, going after a company in the financial services industry. SolarWinds and Kaseya are just two well-known and recent examples of this. Unfortunately, there will probably be more in the short term ”, commented Justin proud, Darktrace Director for Cyber Intelligence and Analytics.
The results of this research mark a year since the compromise of US software company SolarWinds rocked the security industry. This historic supply chain attack has left thousands of organizations vulnerable to infiltration by inserting malicious code into the Orion system. Over the past 12 months, there has been a continuing wave of attacks on the IT and communications industry, including the high-profile attacks on Kaseya and Gitlab.
Threat actors often use software and development platforms as entry points to other high-value targets, including governments and authorities, large enterprises, and critical infrastructure. Darktrace found that the most common attempted break-in method was email, with industry organizations receiving an average of 600 unique phishing campaigns per month in 2021. Contrary to popular belief, emails sent to these organizations did not contain a malicious payload. hidden in a link or attachment. Instead, cybercriminals have used subtle and sophisticated techniques to send “clean emails” containing only text attempting to trick recipients into responding and revealing sensitive information. This method is effective because, by compromising these email accounts, hackers can then exploit the trust relationship between the software vendor and the intended targets.
These methods easily bypass legacy security tools that rely on checking links and attachments against blocklists and signatures. AI can prevent these emails from reaching employee inboxes by identifying the full range of anomalies, including the subtlest indicators.
“The reality is that attackers are patient and creative. They usually go through the front door compromising trusted vendors in the information and communications technology industry. from a trusted supplier, ”continued Fier. “There is no magic bullet in finding attacks built into your software vendors, so the real challenge for organizations will be to operate with that risk being accepted. Get a feel for what is normal for the software they do. you trust will be paramount. AI is ideally suited for this job; spotting the subtle changes presented by software that has been compromised will be key to tackling this problem in the future. “
Darktrace (DARK.L), a global leader in cybersecurity AI, provides world-class technology that protects nearly 6,000 customers worldwide against advanced threats, including ransomware and cloud and SaaS attacks. The fundamentally different approach of the business is applying self-learning AI to enable machines to understand the business in order to stand up for it autonomously. Based at Cambridge, UK, the company has 1,600 employees and more than 30 offices around the world. Darktrace has been named one of TIME magazine’s “Most Influential Companies” for 2021.