While it’s in an enterprise’s interest to treat every year like it’s a bad year in terms of cyber threats, 2021 is actually proving to be a bad year, even when compared to 2020—the year in which everything that could go wrong did go wrong. The first half of the year has seen creative ransomware campaigns that targeted new industries, an increase in Cobalt Strike-enabled attacks, and other threat trends that have negatively affected governments, businesses, and consumers.
Accenture has released its latest CIFR (cyber investigations, forensics, and response) mid-year update, which analyzes the first half of 2021. It’s not good news. The data, which derives from Accenture’s work helping its clients respond to and recover from a variety of cyber incidents, suggests there has been a triple-digit increase—125%—in cyber intrusion activity during the first half of 2021 when compared to the first half of 2020.
Web shell activity helped drive this formidable increase in global cyberattack volumes, Accenture says. Web shell attacks typically leverage a small piece of malicious code implanted on web servers that gives attackers remote access and control of a server. Web shell attacks have been steadily gaining in popularity with cyber criminals, but the trend now appears to be accelerating. Microsoft has reported that between August 2020 and January 2021, Microsoft 365 Defender data registered an average of 140,000 web shell encounters on servers, compared to the 77,000-per-month average the prior year. The company theorizes that the influx of web shell activity is due to how simple and effective these types of attacks can be for cyber criminals.
It’s not just web shells that are wreaking havoc so far this year. Accenture also attributes the 125% increase in cyber intrusion activity to targeted ransomware and extortion operations, as well as supply chain intrusions. The new CIFR report suggests the largest malware categories observed by volume were ransomware (38%) and backdoors (33%). The top ransomware variant observed—accounting for one in every four ransomware attacks—was REvil/Sodinokibi, followed by Hades (18%). Backdoors allow cyber attackers to issue commands to a system by bypassing authentication channels. Examples of common backdoors include Cobalt Strike BEACON and SUNBURST.
Companies with $1 billion-$9.9 billion in annual revenues made up more than half (54%) of ransomware and extortion victims during the first half of 2021. The consumer goods and services space took a hit during the first half of this year, with Accenture’s data saying 21% of intrusion activity affected this industry. The industrial space was the second most affected industry, accounting for 16% of intrusions. In terms of geography, the U.S. was disproportionately affected, according to this data set. In fact, the CIFR says just three nations accounted for more than 70% of the incident volume observed: the U.S. (36%), the U.K. (24%), and Australia (11%).
Looking toward the second half of this year, Accenture warns that attackers may turn their attention toward industries that were relatively dormant during the COVID-19 pandemic, such as travel, hospitality, and retail. We’re also likely to see a continued assault on the consumer goods and services industry. Ransomware is going to remain a top threat globally, and businesses and governments need to prepare for new tactics and more aggressive behavior on the part of cyber criminals. Finally, supply chain vulnerabilities really need to be identified and addressed if the second half of 2021 is going to be brighter than the first half in terms of cybersecurity.