On the first day of National Cybersecurity Awareness Month in the United States. S. According to studies, there will be more important cyberattacks than in 2020, according to estimates.
According to a new document from employer QBE, Connected Business: Digital Dependency Fueling Chance, 211 destructive and dangerous cyberattacks are predicted for businesses this year.
Destructive incidents are reversible and even affect data accessibility, morality, or access — such as distributed denial-of-service attacks. Likewise, damaging assaults are inevitable and aim to have a real impact on people, like the Triton trojan, which disabled security systems at chemical plants.
In 2020, 103 cyberattacks were thought to be destructive and dangerous, which would be a 105 % increase over the next four years.
The firm Control Risks collected the data for the record. Instead of dumping information loss or situations like those of plain system settlement, they indexed a selection of “strategically important ” open-source and event response cases.
These major attacks from the previous four years include the following:
Observe: Ransomware Cheat Sheet: All You Need To Know In 2024
QBE, however, informed TechRepublic that the actual figures for destructive and dangerous problems are likely to be much higher than what is reported.
We anticipate more digital incidents affecting many businesses in a single attack as technology interdependencies expand, which means businesses are more likely to go through a destructive cyber event, the authors wrote.
Whether they are extorting ransoms or destabilizing political rivals, malicious actors can also target specific companies and harm them even more. ”
Ransomware hackers aim for bigger paychecks on large companies and administrative software.
According to the report, significant organizations and operating systems providers are prime target for ransom hackers.
Twisted organizations managing essential infrastructure are known for relying on tradition devices, as replacing technology while still carrying out regular operations is challenging and expensive, along with strict uptime requirements.
NCC Group documentation submitted for a U.S. K. According to a federal report on the risk of malware against regional security, “OT systems are much more possible to use outdated software that is no longer supported and/or be 20 to 30 years old. ”
This makes Twisted companies both visible and likely to pay a ransom, as interruption will result in serious consequences. In fact, the QBE report claimed that ransomware attacks against businesses in the industrial sector increased by 50 % between 2022 and 2023.
View: U. K. , U. S. and French Cyber Authorities Alert of Operational Technology Systems being attacked by pro-Russian hackers
The executives of large corporations are another group that are likely to concur with an attacker’s demands because they believe functional disturbance to be more expensive. QBE estimates that 25 % of organizations with annual revenues under$ 10 million pay ransoms after an attack, compared to 61 % of those with annual revenues of$ 5 billion.
These strategies have proven profitable. The average ransomware payout of 2023 was$ 2 million, a five-fold increase over 2022. According to the report’s authors, powerful law enforcement operations, like the LockBit, BlackCat, and Hive knockouts, have enabled criminals to target wealthy goals with the most compensation payments before they stopped.
Furthermore, now that takedowns are becoming more frequent, experts say that ransomware groups may view government retaliation as “inevitable, ” and therefore have no reservations about targeting large or critical organisations.
Researchers behind the QBE report predict that the number of ransomware victims will rise by 11 % from 2023 to 2025, with manufacturing, healthcare, IT, education, and government sectors most at risk.
Another ransomware tactic that the report highlights attackers use to have the most impact is one that targets IT supply chains. One reason is that, like with CNI, there are more businesses reliant on their services, which makes uptime more important. The other is because they give organizations the chance to attack multiple businesses from different sectors at once.
Over three-quarters of third-party incidents in 2023 are attributable to just three supply chain vulnerabilities, the report finds.
U.S. citizens are fearful and optimistic about artificial intelligence. K. enterprise security
QBE also polled 311 U.S. IT decision-makers in addition to the new report. K. in September about their security concerns, with AI, of course, being the hottest topics.
It revealed that a small, but significant, 15 % portion thought AI would elevate the risk of cyber attack. This is important, as 69 % of medium-to-large U. K. Businesses reported that cyberrelated events had already caused disruption to their operations last year.
With a script that “was highly likely to have been written with the aid of GenAI, ” HP intercepted an email campaign that was spreading malware in June. ” AI can lower the barrier to entry for cyber crimes, as less-skilled criminals can use it to generate deepfakes, to scan networks for entry points, for reconnaissance, and more.
A finance official in Hong Kong distributed$ 25 million to hackers who used AI to impersonate the chief financial officer at the beginning of the year. They sounded the executives ‘ voices during phone calls to approve the transfer.
SEE: Report Reveals the Impact of AI on Cyber Security Landscape
On the other hand, 32 % of U. K. Businesses told QBE that they believe AI will improve their cyber security, and that the Control Risks researchers believe it will increase the effectiveness of security and defensive measures.
David Warr, the QBE Insurance Portfolio Manager for Cyber, said: “A I is both a hindrance and a help to the cyber landscape. Cybercriminals and cyberactivists can launch larger-scale attacks more quickly as AI becomes more widely available. This faster and more accurate scale that AI has may be bringing about could threaten the cyber domain. However, controlled and managed use of AI can also help detect cyber vulnerabilities.
Companies in the U.S. K. and should businesses both large and small all over the world strengthen their resilience to both protect against cyberattacks and be prepared to respond in the event of a cyber-attack. ”
