Report highlights energy sector cyber threat vulnerability

Sinister image of hand poised at keyboard for cyber-attack (cybercrime index)
Image: Shutterstock

Global cybersecurity firm Group-IB has published its latest annual threat report, Hi-Tech Crime Trends 2022/2023.

The report reveals that ransomware operations remain the top cyber threat to public and private companies across the world. Between H2 2021 and H1 2022, the number of companies that had their information uploaded onto the ransomware dedicated leak sites (DLS) was up by 22% year-on-year to 2,886, including data related to 322 companies from the Asia Pacific region.

Between H2 2021 and H1 2022, Group-IB’s Threat Intelligence unit analysed underground advertisements and identified a significant increase in the sale of corporate access. A total of 2,348 instances were recorded, which is twice as many as the previous period (1,099 access offers).

Related article: Customer details exposed in EnergyAustralia cyberattack

The Asia-Pacific region saw a significant number of network access offers with India (16.8%) recording the highest number, followed by Australia (12.8%), China (11.8%), Indonesia (7.3%), Thailand (7.3%), Malaysia (4.5%), Taiwan (4.5%), Vietnam (4.2%), Japan (3.4%), and Singapore with 3.4% of all network access offers in the region detected between the second half of 2021 and the first half of 2022. One of the most prolific initial access brokers active in APAC, nicknamed NikaC, offered access to seven financial companies’ networks, mainly in the Asia-Pacific. Most involved access to the corporate email of top managers.

The report found that ransomware continues to be a major threat to companies worldwide, with 2,886 companies having their information, files, and data published on ransomware DLS between H2 2021 and H1 2022, a 22% increase compared to the 2,371 companies affected during the previous period (H2 2020-H1 2021). It’s worth noting that the actual number of ransomware attacks is believed to be significantly higher as many victims chose to pay the ransom and some ransomware gangs do not use DLS.

Based on the analysis of ransomware DLS, Group-IB discovered that companies in North America (50% of companies whose data was leaked by ransomware gangs) were the most affected by this form of attack. Comparatively, the APAC region was the third-most affected region, with 322 companies having their data published on DLS. The major affected markets in this region were Australia (55 companies), India (38 companies), China (37 companies), Japan (31 companies), and Thailand (27 companies). Additionally, 17 companies in Singapore had information published on DLS. The most prolific ransomware gang in the APAC market was Lockbit, responsible for 41% of publications from the region on dedicated leak sites. Second in this list was Conti, a Russian-speaking ransomware group that launched the devastating ARMattack campaign at the end of 2021, which was responsible for 7% of leaks, and third was Hive (6% of leaks).

Group-IB’s analysis of the threat posed by ransomware gangs also revealed that globally, the largest number of ransomware-related data leak victims were found in the following sectors: manufacturing (295 companies), real estate (291), professional services (226), and transportation industries (224). In the APAC region, most of the victims posted on DLS conducted business in the manufacturing (45), financial (20), and energy (15) sectors.

Related article: Connecting EVs to grid could present cyberattack risk

“Ransomware is likely to remain the major threat for businesses and governments across the globe in 2023,” Group-IB CEO Dmitry Volkov said.

“Ransomware gangs have been able to craft a stable market for their criminal enterprises, and the ransom demands issued to companies once they have been attacked are continuing to rise rapidly. Many of the most prominent ransomware gangs have turned into criminal start-ups. They have a rigid hierarchy and bonuses for overachievement. While the growth trends might slow down, it is likely that the ransomware market could consolidate further, continuing a trend seen in H2 2021-H1 2022.”

Previous articleAustralia’s electricity grid: Over-governed, highly regulated and under-engineered
Next articleDamien Nicks appointed managing director/CEO of AGL