Cyber-Threat Actors Tailoring Attacks to Key Sectors

Cyber-threat actors are becoming increasingly efficient in the way they target key industries, operating like businesses, according to a new report by Darktrace.

The study, which analyzed attack data relating to the energy, healthcare and retail sectors in 2022, showed that threat actors are tailoring their tactics to specific industries, based on efficiency and cost-effectiveness.

Speaking to Infosecurity, Toby Lewis, global head of threat analysis at Darktrace, explained: “The reports reflect the ever-present reality that cyber-threat actors ultimately think like enterprises in what has become a multibillion-dollar industry: How can I make my hackers more efficient? How can we attack even more targets? How can I achieve better results with less resources?”

He added that this approach will lead to a constant evolution of tactics, making attacks less predictable for cybersecurity teams.

Crypto-mining in the Energy Sector

Darktrace found that the energy sector experienced a huge rise in crypto-mining threats in 2022. In UK energy firms, high-priority crypto-mining accounted for a 13-times increase in the proportion of observed cyber-incidents compared to 2021, while in the US it was three times more.

Crypto-mining is where bad actors steal energy and processing power from other devices and networks. Energy suppliers are a particularly tempting target for this vector as they typically have a vast OT infrastructure with access to huge supplies of energy.

While this technique is often viewed as insignificant compared to other forms of compromise, the researchers pointed out the cost and damage it can cause to organizations, such as slowing down systems and damaging productivity. Accessing a network illegitimately for crypto-jacking purposes can also be a precursor for more severe attacks to be launched, including ransomware.

Lewis warned: “Neglecting the so-called small things like crypto-jacking is symptomatic of a wider problem in cyber, an ambivalence towards what is largely seen as the background noise of the internet.”

He highlighted the importance of preventing crypto-jacking to an organization’s overall security posture: “To achieve the scale of deployment that crypto-jackers are looking for, illegitimate network access must have been enabled by something relatively low-cost: a pervasive software vulnerability or default, weak or otherwise compromised credentials. This means that if crypto-mining software could be installed, the basics aren't being done right somewhere,” he said.

In addition, the report noted that the prevalence of crypto-mining is helping fund cyber-criminal and nation-state groups, helping grow cybercrime globally.

Attacks on Online Accounts in Retail

In the retail industry, cyber-criminals increasingly focused attacks on online accounts last year, as online shopping continued its huge growth post-COVID. For example, the researchers found that credential theft, spoofing and stuffing accounted for over a 170% growth in the proportion of all observed cyber incidents in the US retail sector compared to 2021. In Australia, there was a 70% increase and in the UK there was a rise of 14%.

Lewis highlighted the need for stronger authentication processes to be in place for online shopping accounts as a result.

“The rise in the proportion of credentials theft in the retail sector, which was seen across all three regions, is also indicative of the new trend towards simply ‘logging in’ using stolen or leaked credentials and should act as a warning to organizations that a simple password and username are not enough of a barrier to ensure only trusted users have access to systems anymore.”

Healthcare a Major Target for Data Exfiltration

Healthcare organizations have been a major target for ransomware attackers in recent years, with cyber-criminals viewing them as particularly ‘soft’ targets due to the potentially devastating disruption caused by taking hospital systems offline and the highly sensitive patient data these bodies hold.

In December 2022, a leading Canadian children’s hospital was hit by a ransomware attack, which later saw the attackers handing over a free decryption key.

The Darktrace report observed a “notable rise” in data exfiltration threats targeting the UK and Australian healthcare sectors in 2022 compared to 2021. However, there was a decline in this attack vector in the US in the same period, although it remained the third most common threat observed.

Summing up the findings, Lewis commented: “The trends reveal crucial sector-specific challenges, from the tendency for hackers to siphon off the energy sector’s resources in the form of crypto-jacking, through to the invaluable nature of patient data which leads to data exfiltration in the healthcare sector.”
