Ransomware attacks aimed at manufacturing grew by 50pc in 2022

15 Feb 2023

Image: © DC Studio/Stock.adobe.com

A Kroll report found that cybercriminals have been targeting certain sectors more frequently and are seeking to disrupt supply chains to add further pressure to pay ransom demands.

Ransomware spiked globally towards the end of 2022, due to more attacks targeting certain industries such as manufacturing, healthcare and telecoms.

That is according to a new analysis by consultancy firm Kroll, which found that the manufacturing sector in particular has become a more attractive target for criminals.

The company’s Threat Landscape Report found that ransomware attacks targeting the manufacturing sector grew by 50pc last year, making it the most impacted sector of 2022.

In 2021, the professional services sector was the most impacted sector, suffering 19pc of all ransomware attacks according to Kroll. But this dropped to 13pc in 2022, while manufacturing represented 21pc of all ransomware attacks for the year.

The MD of Kroll’s Cyber Risk business, Walmir Freitas, said manufacturing is an attractive target for criminals due to the level of business disruption a ransomware attack can cause.

“Often these sectors hadn’t typically seen themselves as targets for cybercriminals because they held limited sensitive information,” Freitas said. “But the growth in ransomware has changed the game; manufacturing organisations may be more willing to pay a ransom when their ability to operate is hanging in the balance.”

New and evolving threats

The Kroll report suggests cybercriminals are continuing to adapt and change their targets based on new vulnerabilities they detect.

For example, the technology sector saw a spike in ransomware attacks towards the end of 2022 as criminals sought to disrupt supply chains.

Kroll said it noticed a spike in attacks aimed at managed service providers (MSPs), as ransomware attacks can disrupt their operations with clients and add further pressure to pay a ransom.

Kroll Cyber Risk VP Stephen Green said MSPs being “prime targets” for cyberattacks is also supported by various industry warnings about supply chain risks.

“The access granted to an MSP also provides opportunities to conduct further attacks against its clients for additional payments,” Green said.

The report found that ransomware attacks dipped in the third quarter of 2022, which may be due to the disbandment of the Conti ransomware group – the same group behind the HSE cyberattack in 2021.

Kroll Cyber Risk associate MD Laurie Iacono said the “central story” of 2022 is the ability cybercriminals have to quickly “evolve and regroup” in the face of law enforcement activity and geopolitical issues.

“Not only have many familiar threats not gone away, but they continue to evolve and adapt,” Iacono said. “This was evidenced in the prominence of ransomware throughout 2022, hitting healthcare in Q2, then education in Q3, before a significant spike in technology and manufacturing in Q4.

“Timely threat intelligence from real incidents, deeply integrated into security response operations technology and teams will be key to cyber resilience in the year ahead.”

In recent cybersecurity predictions for 2023, Spencer Starkey of SonicWall predicted that healthcare and education will be among the sectors most targeted by cyberattacks this year.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic