Despite a lower victim count, incidents of cyber extortion increased in the first quarter of 2023, according to Orange Cyberdefense's Cy-Xplorer report for 2023. The energy (+51 percent), education (+41 percent), and financial services and insurance (collectively +11 percent) sectors suffered in particular in 2022.
Cyber extortion refers to the use of ransomware. Cyber criminals compromise an organization, after which its data is locked or stolen (or both). The ransom demand is often for cryptocurrency, frequently accompanied by the threat of publishing sensitive data. Orange Cyberdefense uses the term “Cy-X” for these types of attacks.
“That the number of Cy-X attacks continues to rise indicates a new focus by cybercriminals,” says Jort Kollerie, who is Strategic Advisor at the company. “After 2022, which seems to have been a year of distraction and ‘rebranding,’ we see that several criminals are now clearly targeting extortion.”
New victims further from home
We are familiar with many victims at home. For example, the immensely popular LockBit 3.0 caused havoc for the likes of Deutsche Bank and the UK’s Royal Mail service. However, Orange actually sees good news in this regard: organizations in Western countries now tend to respond more quickly and actively to threats. For a ransomware attack, time is of the essence. The longer a criminal is able to stay in a network, the more data they can steal, the more people’s hardware they can infect, and the more opportunity they have to install backdoors for a later return. Organizations in Europe and North America are doing a better job of preventing this from happening, resulting in a decline in these areas. Kollerie interprets this trend as follows: “Actors are now focusing on regions where the risk level seems lower for them, which is often due to the proactivity – or lack thereof – of governments.”
Orange has spotted the new targets of interest to criminals: countries in Southeast Asia, where cyber extortion rose by 42 percent in 2022. Indonesia, Singapore and Thailand receive the most unwanted attention from cyber criminals. Hackers are clearly looking for easier targets, which will need time to arm themselves against the sharply increased threat.
Slowdown caused by Ukraine war, government deterrents
The war in Ukraine disrupted the practices of ransomware groups. Orange interprets this as follows: cybercriminals had to take sides. They could back either Russia or Ukraine. It found that 74 percent of the organizations were in NATO countries. Yet it took a while for cyber extortion to pick up. This is reminiscent of the pattern we saw recently in exploitation of Log4Shell.
Finally, Orange also sees governments becoming more active in this area. For example, some countries prohibit companies from engaging in extortion, which should serve as a deterrent to cyber criminals. Still, there will always be exceptions. That does not mean that criminals go unpunished, however: arrests are becoming more common. For example, police departments recently arrested former members of Genesis Market, which traded user data.