Orange cautions of unexpected cyberattack shifts

Source: Cy-Xplorer 2023 report by Orange Cyberdefense

Source: Cy-Xplorer 2023 report by Orange Cyberdefense

  • Orange has issued its latest report on global cyberattack activity 
  • Threat actors increasingly targeted new countries and industries in 2022
  • While noting a slight decline in victims of cyber extortion in the past year, the company saw a significant increase in the first quarter of 2023

Striking trends have been discovered by Orange’s security services arm, suggesting that over the past year, cyber threats have been shifting to new geographical areas and their impact has increasingly been felt by economic sectors that were previously less attractive to criminals.

In its Cy-Xplorer 2023 report, Orange Cyberdefense (OCD) has focused on cyber extortion (Cy-X) activity (in which cybercriminals threaten to disable the operations of a target business or compromise its confidential data unless they receive a payment), based on data from 6,707 confirmed business victims in 2022.

Among the discoveries is a “notable shift” in the geographic distribution of victims.

For years, cyberattacks have typically targeted organisations in English-speaking countries due to their “presumed wealth”, but in 2022 there was a switch towards non-English speaking and developing countries (see graph in image, above). The highest increase in cybercrime was witnessed in the Southeast Asia region – up a staggering 42% compared to 2021, with the most affected countries being Indonesia, Singapore, Thailand, Philippines and Malaysia – followed by the Nordics, with a 40% increase, and Latin America, with a 32% spike.

Orange has also identified “a worrying trend” of attacks against government entities in Costa Rica, Peru, Mexico, Ecuador, Brazil and Argentina by numerous ransomware groups.

The trend of threats shifting towards developing countries, according to the telco, is because larger western countries have become more responsive to threats, so bad actors are “forced to seek out new hunting grounds” and are moving to regions where “the level of risk seems lower for them, which could partly be due to a lack of proactivity from local governments.”

According to OCD’s findings, more developed countries experienced a decrease in cyberattacks: For example, in Canada, the number of attacks dropped by nearly a third (28%), followed by the US with 21% fewer attacks, and Australia and New Zealand with a 11% decline.

Despite the decreases recorded in North America, it remained the most targeted region, accounting for nearly 45% of all ransomware attacks examined in the report.

Impact of the Russia-Ukraine war

“The number of victims headquartered in Europe has been experiencing a drop in cyber extortion attacks since the beginning of the Russian invasion of Ukraine,” according to the report, with the region recording a 2% decline, which Orange’s security services team described as a surprising trend.

The conflict between Russia and Ukraine “has influenced the Cy-X criminal landscape to some degree”, as the Conti’s [ransomware believed to be distributed by a Russia-based group] “alignment with Russia has instilled a political dilemma in an ecosystem typically driven by financial incentives,” the report said.

“Our investigation into whether NATO member countries were more affected since the war did not find any supporting evidence. Instead, we found that non-NATO countries were impacted more frequently in this period, including Brazil, Australia, Switzerland, Thailand and Taiwan,” the company stated.

Hit on industries

Another takeaway from the report is the shift in the industries and verticals being targeted by the cybercriminals. In 2022, Orange registered more victims than ever from the utilities sector (with a surge of 51%), educational services (up by 41%), finance and insurance (up 11%) and healthcare (up 5%).

Similar findings were also discovered by Verizon Business in its 16th annual Data Breach Investigations Report (2023 DBIR), which were recently presented by the company at its London offices.

The three most affected industries in 2022 did, however, experience “a considerable decline” compared to 2021, with manufacturing down by 39%, followed by professional services down by 25% and retail trade down by 11%.

Manufacturing has continued to take the biggest hit from cyberattacks, accounting for around one-fifth of all incidents. A similar finding was also highlighted in Orange’s Security Navigator 2023 report – see Orange highlights cyber threats to SMEs and manufacturers.

Orange’s data suggested that the total number of victims of Cy-X attacks declined by 8% in 2022, but this trend is thought to have been “short-lived” as its data for the first quarter of 2023 showed “the largest volumes to date”.

“Whilst 2022 witnessed a slowdown in the growth of attacks, we can see from Q1 that it’s not the time to become complacent. Our research shows that industry and government collaboration is the key to driving down malicious cyber activity, as Cy-X is not a problem that businesses can solve on their own,” said Hugues Foulon, CEO at Orange Cyberdefense.

According to Charl van der Walt, head of security research at Orange Cyberdefense, the industry must “pull together” and continue to share information about threats and attacks.

Yesterday, Nokia released its latest Threat Intelligence Report, which cautioned of a drastic rise in malicious activity on internet of things (IoT) devices – see Nokia Threat Intelligence Report finds malicious IoT botnet activity has sharply increased.

- Yanitsa Boyadzhieva, Deputy Editor, TelecomTV