While small cybercriminals continue to attack mostly individuals, more sophisticated and resourceful criminals (read: with money power) target industries using malware and ransomware to exploit vulnerabilities in a company's computer system. For example, in 2023, LockBit, one of the most notorious ransomware that claims to hack about 20 companies daily, reportedly earned US$120mn (million) as ransom channelled through bitcoins. However, LockBit is just one example that poses dangers to companies from various sectors.
An analysis by Trevor Cooke, a privacy expert at
EarthWeb, shows healthcare, financial and pharmaceuticals are the top three most targetted industries. "In 2023, the average cost of a data breach in the healthcare industry soared to US$10.93mn, marking a significant increase from the previous year's US$10.1mn. The sector's vulnerability stems from the wealth of sensitive information it handles, including patient records and medical histories, making it an attractive target for malicious actors seeking financial gain or to exploit data for nefarious purposes."
Following closely behind is the financial sector, where the average cost of a data breach amounted to US$5.9mn in 2023, the analysis reveals. "Financial institutions, encompassing banks, investment firms, and insurance companies, grapple with the constant threat of cyberattacks aimed at compromising valuable financial data or disrupting critical operations," Mr Cooke says.
His analysis shows that the pharmaceuticals industry also ranks high on the list of targeted sectors, with an average data breach cost of US$4.82mn in 2023. As companies race to develop and distribute life-saving medications, they face heightened risks of cyber espionage and intellectual property theft, further underscoring the need for robust cybersecurity defences.
Other industries, including energy, industrial and technology sectors, also experienced significant financial losses due to data breaches, highlighting the pervasive nature of cyber threats across the business landscape, he added.
Cybersecurity Ventures expects global cybercrime costs to grow by 15% per year, reaching US$10.5trn (trillion) annually by 2025, up from US$3trn in 2015. "Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm," it says.
According to a
report from New Indian Express LockBit hit four Indian companies, including Thrissur-based Double Horse, which is into food production, and garment production company V-Star based in Ernakulam. Other companies on their list are: Hyderabad-based pharma company Hetero and automobile parts manufacturer Vikrant Group from Vadodara.
"As part of its claim, there are pictures of bank account details, invoices, purchase orders, supply details, content on computer drives and driving licences of employees posted on its dark web portal. Prima facie, from the shared pictures, it seems that LockBit ransomware has hit the individual computers or laptops of employees," the report says.
However, the big cybercriminals, including those sponsored by a state, not only target industries but also use espionage campaigns against a high-level government target.
In its two-year-long investigation, the managed detection and response (MDR) team of security services provider Sophos found three distinct clusters of activity targeting the same organisation, two of which included tactics, techniques and procedures (TTPs) that overlap with well-known Chinese nation-state groups: BackdoorDiplomacy, APT15 and the APT41 subgroup Earth Longzhi.
According to the report, the different clusters appear to have been working in support of the Chinese state interests by gathering military and economic intelligence related to the country's strategies in the South China Sea.
"In this particular campaign, we believe these three clusters represent distinct groups of attacks who are working in parallel against the same target under the overarching directive of a central state authority. Within just one of the three clusters that we identified 'Cluster Alpha', we saw malware and TTPs overlap with four separately reported Chinese threat groups. It's well-known that Chinese attackers share infrastructure and tooling, and this recent campaign is a reminder of just how extensively these groups share their tools and techniques," it says.
Paul Jaramillo, director for threat hunting and threat intelligence at Sophos, says, "We have multiple threat groups, likely with unlimited resources, targeting the same high-level government organisation for weeks or months at a time, and they are using advanced custom malware intertwined with publicly available tools. They were, and are still, able to move throughout an organisation at will, rotating their tools on a frequent basis. At least one of the activity clusters is still very much active and attempting to conduct further surveillance."
"By having the bigger, broader picture, organisations can be smarter about their defences," he added.
In response to the escalating threat landscape, we, as individuals and businesses or companies, must understand that cybersecurity is not a one-time investment but a continuous process of adaptation and improvement.
Having said that, cybersecurity experts advocate proactive measures to bolster organisations' defences and mitigate the risk of cyberattacks.
Here are recommendations offered by Mr Trevor from Earthweb...
Implement multi-layered defense mechanisms
Organisations should adopt a multi-layered approach to cybersecurity, combining firewalls, antivirus software, intrusion detection systems, and endpoint protection. This defence-in-depth strategy helps mitigate the risk of breaches by providing multiple barriers against attacks.
Additionally, consider implementing advanced security technologies such as endpoint detection and response (EDR) and security information and event management (SIEM) systems for enhanced threat detection and response capabilities.
Regularly update software and patch management
Ensure all software, including operating systems and applications, is promptly updated with the latest security patches. Vulnerabilities in outdated software are often exploited by cybercriminals to gain unauthorised access to systems and data. Implement automated patch management tools to streamline the process and ensure timely updates across the organisation.
Enforce strong authentication and access controls
Implement robust authentication methods, such as multi-factor authentication (MFA), to verify user identities and prevent unauthorised access. Additionally, enforce least privilege principles to restrict access to sensitive data and systems only to those who require it for their roles. Consider implementing privileged access management (PAM) solutions to manage and monitor access to critical systems and resources.
Conduct regular penetration testing and security audits
Proactively assess the security posture of your organisation through regular penetration testing and security audits. These assessments help identify potential vulnerabilities and weaknesses that could be exploited by attackers, allowing for timely remediation. Work with experienced cybersecurity firms or consultants to conduct comprehensive assessments and provide actionable recommendations for improving security.
