Orange Cyberdefense has released a new report, Cy-Xplorer 2023, in which it provides a detailed analysis of cyber extortion (Cy-X) activity during 2022. Examining data from a total of 6,707 confirmed business victims, the findings show a fluctuation in the number of victims across different countries and industries, with attacks expanding to new regions.
While the data shows a decrease in Cy-X victims (8 percent) in 2022, this reduction seems to have been short-lived, as the latest data shows the largest volumes to date in Q1 2023. The report suggests that 2022 was the year of ‘distraction’ and rebranding for some of the major Cy-X operations that Orange Cyberdefense is monitoring.
The geographical shift of Cy-X attacks has continued with a significant year-on-year increase (42 percent) in Southeast Asia, with Indonesia, Singapore, Thailand, the Philippines, and Malaysia the most impacted. Simultaneously, there has been a decrease in victims in regions such as North America and Europe.
Previously Orange Cyberdefense observed that countries are mostly targeted opportunistically, and the number of victims depends primarily on the number of organizations registered in a country. However, this general trend is changing as bigger Western countries respond actively to the threat, and threat actors are forced to seek out new hunting grounds. As such, threat actors are focusing on regions where the level of risk seems lower for them, which could partly be due to a lack of proactivity from local governments.
The war in Ukraine has disrupted the Cy-X ecosystem
The data from the report shows that the war in Ukraine has had a noticeable impact on Cy-X, slowing down activities and causing threat actors to regroup before continuing their attacks.
Geopolitical tensions resulting from the Ukraine war have seen many countries firmly shifting their allegiance to one side or the other in the conflict, creating expectations that Cy-X patterns would follow suit. Indeed, the findings show that in 2022, 74 percent of all victims were from NATO countries. However, Cy-X impacting NATO countries decreased noticeably at the start of the war and continued to decrease as the war progressed. Activity during this time from pro-Russian threat actors did not result in a proportional increase in Cy-X victims among NATO member countries.
Orange Cyberdefense observed a dramatic shift in Q1 2023 and especially March 2023, which shows a different trend, illustrated by the spike in threat actor activity. Whether this is going to continue is difficult to foresee.
Whilst Orange Cyberdefense expected to see more organizations from NATO-member countries being impacted, we observed exactly the opposite. Non-NATO countries from regions such as Latin America (+32 percent), and Southeast Asia saw an uptick in victim numbers instead. How this is influenced by the political situation of the Ukraine war is not entirely clear, but it can be said with some confidence that the war has not spawned an increase in Cy-X incidents for NATO member countries so far as fewer are being impacted over time.
Threat actors changing tactics – moving from manufacturing to utilities and education
In 2022 manufacturing was the biggest industry impacted, with roughly one fifth of all victims within this industry. However, the report also notes a decrease of 39 percent for this sector, with the second half of 2022 showing a noticeably lower number of victims. One reason for this sharp decline is most likely the closure of the Conti group’s criminal activities.
The educational sector suffered much more in 2022 when compared to the year before, with an increase of 41 percent, particularly at the hands of the Vice Society group.
The utilities sector saw an increase of 51 percent, but the actual numbers of observed victims in 2022 remained low (35 victims).
The report also highlights how the financial sector has seen an increase in Cy-X attacks (+11 percent), with over 130 financial institutions becoming victims of Cy-X. 75 percent of all victims have under 1,000 employees.
With regard to business size, 2022 saw large organizations impacted the most, representing 36 percent of all victims, but small and medium organizations were not far behind. 30 percent of all victims were small organizations, while medium-sized businesses made up 24 percent.