CyberRes Report: Money and Politics Driving Cyberattacks
What puts you at greater risk of cyberattack? A key statistical takeaway from a recent report by CyberRes Galaxy is that any of three major factors could put you in greater danger:
- Being located in a wealthy country (especially the United States)
- Being located in an area facing geopolitical tension
- Being cyber-desperate—having cybersecurity infrastructure that doesn't match the importance of your data or operations (often, these are government agencies)
In its first report, released earlier this year, CyberRes Galaxy provides an overview of the impact of cyber crime by geography that seems to highlight ongoing international tensions. Countries in the Five Eyes, an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States, collectively experienced 57% of cyberattacks in 2021, with the United States accounting for more than 60% of the incidents that hit the Five Eyes, or 35% of cyberattacks globally. The fourth-most impacted nation in 2021 was Iran (about 5% of "cyber issues"), and the seventh-most was Israel (about 4%). China (eighth), Japan (tenth), and India (thirteenth) also feature prominently on the list of most-impacted nations.
"[I]n the Middle East region, the growing tensions between Iran and Israel have been marked by numerous advanced persistent threat (APT) activities conducted by threat groups," reads the report. "Similarly, the ideological difference between China and the QUAD countries [Australia, India, Japan, and the United States]; the mega military technology transfer deal (AUKUS) between Australia, the USA, and the UK; and the South China Sea conflicts have accelerated . . . cyberattacks ...."
Moreover, cyberattackers are opportunists who favor low-hanging fruit. Government agencies, the report notes, are among the juiciest targets for threat actors because they are a treasure trove of confidential information but typically have poorly funded, insufficiently defended cyber-infrastructure.
"[T]his gives cyber criminals a tremendous opportunity to exploit the loopholes with ease," reads the report.
And, indeed, 21.4% of cyberattacks in 2021 impacted the public sector; only the infrastructure-services industry experienced more cyberattacks, at 33.7%. And while only 1.3% of cyberattacks in 2021 impacted the defense sector, that sector was in the top three of most-impacted industries across Latin America, the Middle East and Africa region, and Australia and Oceania.
That said, according to the report, both the media/entertainment sector and the education sector were also heavily targeted by nation-state actors for cyber-espionage purposes—while cyberattacks impacting the energy sector, many of which were high-profile, "have acted as a catalyst to further heat up geopolitical tensions."
Greed Gaining, Ransomware Rising
Still, threat actors are often capitalists at heart, and it shows in their work. Nearly 69% of cyber events in North America were motivated by financial gain, including most cyberattacks on the US energy sector and more than 90% of cyberattacks suffered by the US healthcare sector, according to the report. CyberRes Galaxy further reported that financial gain was one of the top two motivators for cyberattacks in both the Asia Pacific region and the Middle East and Africa region—and is likely to be the biggest motivation in the future for threat actors deploying attacks in Oceania.
Ransomware seems to be the go-to form of attack for the greedy. Nearly one in five cyberattacks in 2021 were some form of ransomware incident. The report also makes a number of references to upward-trending ransomware proliferation and "the growing motivation for financial gain." For example, the report notes, China-based APT27 has shifted its primary focus from cyber-espionage and intelligence-gathering to ransomware.
"The year 2021 was marked by a rapid surge in activities of financially motivated threat actors," reads the report, "leading to a huge number of ransomware attacks all over the world."
This is unsurprising given ransomware's reputation for strong ROI. In North America, for instance, CyberRes Galaxy found that more than 60% of companies targeted by ransomware "show an increased willingness to pay the ransom." This finding comes even as the FBI and other law enforcement agencies recommend against paying ransoms, so as to remove the perverse incentive for cyberattackers to adopt, continue, or scale up ransomware campaigns. Little wonder, then, that CyberRes Galaxy goes on to report that ransomware is the most prominent attack method deployed in North America.
The report also noted that other developments in 2021 opened up opportunities for new ransomware deployments, including "ransomware-as-a-service" tools and discoveries of major zero-day vulnerabilities such as Log4Shell.
The evidence of cyberattacker greed goes beyond ransomware itself. It shows up in where the attacks happen. Most cyberattacks in 2021 were against wealthy nations. Critical infrastructure—entities with the most at stake in the event of a data or systems compromise—remains a popular target for those looking to make a quick buck from those at their mercy. And, globally, the third-most cyberattacked industry in 2021 (following infrastructure services and the public sector) was the finance sector—bearing the burden of nearly 12% of cyberattacks. In particular, CyberRes found that, cyberattack-wise, finance was the third-most impacted sector in 2021 in Europe, the second-most in Asia, and the most impacted sector in Australia and Oceania.
"The rise in financially motivated threat actors has had a direct impact on this sector," reads the report, "given the high value and sensitivity of the data that financial institutions store (such as credit card details, social security numbers, account credentials, etc.)."
The best nascent opportunity for threat actors in this arena seems to come not from traditional banks but from digital disruptors—particularly, as the report notes, because of increased demand for and deployment of integrated digital payment methods in the wake of the COVID-19 pandemic. Accordingly, CyberRes Galaxy counts the recent cyberattacks in the digital-payment space as "numerous."
"Many emerging economies with low rates of bank account ownership have replaced the tradition of cash and cards with smartphones for financial transactions, due to high levels of mobile phone and internet penetration all over the world, especially in the Asia-Pacific region," reads the report. "The enlarging sphere of the digital payment landscape worldwide has invited multiple sophisticated cyber criminals to further exploit the finance sector."
Naturally, these exploitations often prominently feature cryptocurrency and blockchain technologies—not the panacea they were once hailed to be. CyberRes Galaxy expects the trend to continue, particularly in North America, citing recent hacks on cryptocurrency trading platforms.
"As cryptocurrencies become more popular and numerous, they will also be more targeted," reads the report. "Blockchain is often praised to be secure and unhackable, but recent events prove otherwise."
While CyberRes Galaxy cautions that these attacks are of emerging concern in the Middle East, governments in that region appear to have addressed the threat more proactively than North America has. The report makes mention of emerging regulations in the space—including, for instance, Dubai's regulatory framework for investment tokens.
Other regions, too, are taking proactive steps to secure digital payments. For instance, the report highlights an agreement between India and Singapore last year to link their respective digital payment systems—seeming to improve the speed and security of cross-border financial transactions. The report also points to collaboration among member states of the Association of Southeast Asian Nations (ASEAN), repeatedly praising their collaborative efforts on cybersecurity as "promot[ing] strong international ties for safeguarding the digital economy" and "taking the necessary steps to restrict threat groups from conducting large-scale cyberattacks in the [Asia-Pacific] region."
To this end, throughout its report, CyberRes Galaxy advocates for cross-sector and cross-border cooperation—in hopes that blue teams everywhere around the globe might share intelligence, best practices, and duplicative and mutually reinforcing regulatory measures to keep the bad actors at bay.
"[T]hreat groups are adopting state-of-the-art technologies and some are even shifting their primary focus," reads the report. "The rest of the international community must work together in technology transfer and intelligence sharing through multilateral collaboration to mitigate the risks posed by cyberattacks."