Darktrace notes health, retail and energy cyberattack trends
Darktrace, a firm providing cyber security artificial intelligence, has released three new cyber-threat trend reports revealing 2022 attack data observed across its global customer fleet. The industry reports are related to the energy, healthcare, and retail sectors.
"These industry-specific reports are the first of their kind released by Darktrace, representing an important effort to surface the data underpinning the rapidly evolving threat landscape that we are defending against," says Toby Lewis, Global Head of Threat Analysis, Darktrace.
"The trends reveal crucial sector-specific challenges, from the tendency for hackers to siphon off the energy sector's resources in the form of crypto-jacking, through to the invaluable nature of patient data which leads to data exfiltration in the healthcare sector. The surge in credential-based attacks across the retail sector reflects the fact that identity theft will be a key trend for 2023, increasing the need for AI-based behavioral analytics for understanding employee actions in rich context and authenticating the actions taken using certain credentials."
Against a global energy crisis, Darktrace's energy sector report reveals that illegal crypto-mining threats, whereby bad actors steal energy and processing power from other devices and networks, are rising across the industry.
Notable findings include high-priority crypto-mining accounted for 13 times more of all observed cyber incidents in the UK energy sector in 2022 compared to 2021.
The report divulges two real-world crypto-mining threat finds from a European and US energy organization, which were stopped by Darktrace's AI technology. In the former case, attackers were caught attempting to mass pool crypto-mining capabilities using five internal servers at the organization.
As online shopping remains popular, Darktrace's retail sector report reveals that throughout 2022, criminals increasingly turned toward credential theft, spoofing and stuffing to target this multi-billion-dollar industry's online infrastructure.
Notably, credential theft, spoofing and stuffing accounted for over 14% more of all observed cyber incidents in the UK retail sector in 2022 compared to 2021. The corresponding figure for Australia was 70%.
One threat finds in the report from August 2022 details the discovery of a never-before-seen attack tool lying dormant inside a well-known UK automotive retailer. Months before the retailer had adopted Darktrace, one of its devices had become infected with novel malware that lay dormant, establishing a foothold and waiting for the right time to launch an attack.
After deployment, Darktrace AI caught the malware when it made multiple authentication attempts using spoofed credentials for one of the organization's security managers. If successful, the attack could have undermined the organization's entire security posture, allowing malicious software to gain control of the company's infrastructure from within.
Unusual login and new email rules (SaaS)' accounted for almost 70% more of all cyber incidents in the sector in 2022 compared to 2021.
The retail sector is evolving to meet this growing threat by investing in state-of-the-art security measures. As a result, according to forecasts, global security revenues in retail are headed for solid growth in the next few years, growing from US$7 billion in 2019 to US$12 billion by 2025.
Often viewed as a soft target for cyber-criminals, hospitals and other healthcare organizations are extremely rich data sources from which attackers can make a profit by selling patient information such as medical records, credit cards or banking details.
Darktrace's healthcare sector report notably revealed that data exfiltration was one of the top three observed threats faced by healthcare providers globally, with organizations in the UK and Australia suffering an increased volume in 2022.
The most common attack type observed across healthcare globally in 2022 was suspicious network scanning, a form of intelligence gathering which often constitutes the initial phase of a cyber-attack
The report details a sophisticated real-world threat faced by a US healthcare provider in which a malicious PowerShell script was discovered to be deployed on one of the organization's internal servers, an attempt to give bad actors remote control over the target network. Darktrace's RESPOND technology autonomously thwarted the threat before attackers could harm.
The most observed cyber incident in the Australian healthcare sector was suspicious network scan activity, compared with the previous year when multiple lateral movement model breaches occurred. These two were followed by enhanced unusual external data transfer this year.