Construction and transport are most targeted by cybercriminals
The construction sector (with an average of 226 incidents annually) is the most targeted by cyber criminals closely followed by transport (167), wholesale trade (138), manufacturing (116) and retailers (105).
A new report from ReliaQuest, based on data from 35,000 incidents affecting its clients, shows the most detected attack technique is the attempted exploitation of exposed remote services, such as virtual private networks (VPNs) and remote desktop protocol (RDP).
Initial Access Brokers (IAB) provide a route into the above and compromised RDP is the most commonly advertised on criminal forums with 24.4 percent of all listings with an average price of $1,000 but can fetch up to $2,700. VPNs are also used to gain access to organizations and details are commonly sold for an average of $500.
Another trend identified is the use of the SocGholish (aka FakeUpdates) malware distribution framework. This common initial access method deceives individuals into downloading a fake web-browser update which contains an archive file with an embedded SocGholish JavaScript payload.
Mike McPherson, SVP of security operations at ReliaQuest says,
Criminals are using any means at their disposal to infiltrate organizations, and the exploitation of remote services continues to be the easiest way in. It’s essential for organizations to adequately monitor and secure these.
Ransomware remains the biggest risk facing business in 2023, and the last quarter saw more victims than ever before. Utilizing malware such as SocGholish has made their efforts more potent, which is why keeping abreast of the latest developments in tactics, techniques and procedures (TTPs) of ransomware activity, in addition to tracking groups known to be targeting your sector, is the best way to stay ahead of the curve from this pernicious activity.
The manufacturing sector is the most targeted by IABs with 142 listings advertised and also the most claimed by ransomware groups with 614 victims. Similarly, professional, scientific and technical services are ranked second for both with 136 IABs listings and 464 claims by ransomware groups.
You can find the full report on the ReliaQuest site.
Image Credit: 3d imagination / Shutterstock