Orange Cyberdefense has released its Security Navigator 2024 report (registration required). At 91 pages, it is not a quick or easy read. It delivers a lot of statistics on threats, the regions Orange Cyberdefense operates in and research on key areas.
The picture the report paints is one of concern for defenders and opportunism from attackers. Incidents continue to rise, with the company processing 30% more events across the world than in the previous year. That translates to 129,395 events, of which 25,076 (19%) were confirmed security events. That number is significant because security events are still masked by the scale of reporting.
Hugues Foulon, CEO, Orange Cyberdefense, said, “This year’s report underlines the unpredictable environment we face today, and we see our teams working harder than ever as the number of detected incidents continues to increase (+30% YOY). Whilst we are seeing a surge in the number of large businesses impacted by Cyber Extortion (40%), small and medium businesses together are making up nearly half of all victims (48%).”
Owned by French telecom giant Orange, Orange Cyberdefense operates globally, providing cybersecurity services and products. Foulon commented, “We will reach more than 1 billion euros turnover this year and we have more than 3,000 employees. We embrace a large scope of clients. In France, where Orange has a large footprint, the scope is from small and medium companies to large national accounts. Around the rest of the world, we focus mainly on large national accounts.”
Extortion continues to rise
Cyber Extortion continues to rise, with the victim pool rapidly expanding beyond the organisation that was breached. One reason for expanding the scam to customers, partners and employees of victims is to pressure victims into paying. While that has had some impact, a new and unexpected twist has even seen attackers weaponise regulators by filing reports on companies that do not declare a cyber attack.
In the last year, Orange Cyberdefense saw extortion attacks rise by 46%. Organisations with more than 10,000 employees made up 40% of the victims. 25% were small organisations while medium-sized businesses made up 23%. What is unclear is who the remaining 12% are. Orange Cyberdefense hasn’t said.
The vast majority of the victims are based in the US (53%). The UK (6%) and Canada (5%) round out the top three countries suffering attacks. Interestingly, Orange reports there is a “lateralization of the geographic distribution, illustrated by major YOY increases to victims in India (+97%), Oceania (+73%), and Africa (+70%).”
Analysis of the number of attacks and the number of attack groups shows remarkable similarities in trend. As parts of groups are shut down, attacks drop, and known groups drop. However, in almost every case, there is a fairly quick rebound. One reason is that there is an increasing number of groups recycling code from others as they splinter. It makes taking them down incredibly hard.
There is an interesting anomaly in the results. Attacks in China dropped 34%. What is unclear is whether that is due to a government crackdown or a lack of telemetry.
When it comes to victims, there are also some interesting shifts. For example, retail shows a 20% drop in attacks. It’s hard to see all of that as being due to better and more effective defences in just one year. Meanwhile, Manufacturing (+42%) and Professional, Scientific and Technical Services (+52%) continue to be the most attacked sectors. Finance and Insurance (+105%) and Education (+115%) are third and fourth respectively.
Hacktivism blurring the boundaries
The geo-political situation has created a more complex problem around hacktivism. It is no longer confined to those railing against big companies or governments; it has been highly politicised, especially with regard to the conflicts in Ukraine and Israel.
Many of the groups now calling themselves hacktivists are former, and still active, cybercrime groups. They use hacktivism as cover for their cybercrime activities, such as cyber extortion and information theft. It is a pattern that has been seen over many decades where groups diversify from cause-based to a wider criminal organisation.
Orange Cyberdefense reports that the number of groups claiming to be hacktivists has seen a significant surge. It has also seen Europe (85%) impacted the most, followed by North America (7%) and the Middle East (3%). The countries attacked the most are neighbours of Ukraine.
Enterprise Times: What does this mean?
While we have only touched on two areas here, there is much more in this report that will interest readers.
As mentioned, there is a lot of information in this report but it is missing a lot of insight. While Orange Cyberdefense has done some analysis, the report itself feels more quantitative than qualitative. That is not unusual for reports today, but there are some glaring gaps in the report that could have been addressed with better insight.
The rise in cyber extortion is unlikely to slow down. Despite reports from other companies saying fewer people are paying, the sums paid are increasing. Governments can posture all they want about making payment illegal but when it takes down critical services, it will get paid.
Of more concern is that despite the highly publicised takedown successes against ransomware groups, they are replaced within days. Most of those replacements come from within the original attack group and they are able to spin up a new infrastructure with relative ease. They are also able to launder the proceeds of crime easily to allow them to cash out their ill-gotten gains.
It will be interesting next year to see what changes and how.