
The volume of cyber intrusion activity globally soared in the first half of 2021 compared with the same period last year, according to Accenture’s Cyber Investigations, Forensics & Response midyear update.

The triple-digit increase (125%) was driven primarily by web shell activity (the use of small pieces of malicious code to gain remote access and control), targeted ransomware and extortion operations, and supply chain intrusions, the company said.

Ransomware and extortion “continue to reign supreme as the top malware category (38%) observed and second-highest incident type (29%) by volume,” the update stated.


The U.S. topped three countries that accounted for more than 70% of the incident volume observed by the CIFR team, Accenture said. The U.S. accounted for 36% of incident volume, followed by the U.K. (24%) and Australia (11%), according to the update.

Companies with annual recurring revenue of $1 billion and higher were the biggest victims (70%) of ransomware and extortion, the update noted.

From an industry perspective, consumer goods & services was most frequently targeted, accounting for 21% of cyberattacks, followed by the industrial/manufacturing, banking, and travel & hospitality industries, at 16%, 10% and 9%, respectively.

“Many organizations today are only securing their core corporate systems and not fully protecting their supply chain, subsidiaries and affiliates. That’s why it’s critical for companies to have a holistic plan to cover their entire ecosystems,” said Robert Boyce, who leads Accenture’s global cyber investigations, forensics and response business, in a statement. “Industries that previously experienced lower levels of cyberattacks during the pandemic―such as consumer goods & services, industrials, travel and hospitality, and retail―should reevaluate their cybersecurity posture as increased consumer activity in these industries presents renewed opportunities for cybercriminals.”

The findings also detail malware categories by volume, top ransomware variants observed, and industries targeted most often by ransomware in the first half of 2021. Among the key findings:

  • The largest malware category observed by volume was ransomware at 38%, followed by backdoors at 33%.

  • The top ransomware variant observed was REvil/Sodinokibi, accounting for 25% of ransomware.

  • The insurance industry was targeted most often by ransomware operators and accounted for 23% of ransomware attacks, followed by consumer goods and services (17%) and telecommunications (16%).

  • Companies with annual revenue of $1 billion to $9.9 billion accounted for more than half (54%) of ransomware and extortion victims, followed by companies with annual revenue between $10 billion and $20 billion (20%).

Watchlist for the future

The Accenture update listed a number of implications from these findings for the second half of the year:

Return to normal could turn the spotlight on “dormant” industries. As the global pandemic begins to wane, world economies will expect to return to pre-pandemic levels. But the company stressed that this is no time for complacency and said it expects industries such as consumer goods and services, industrials, travel and hospitality and retail—already reeling from lockdowns and staff shortages—to experience upward trends in threat activity.

Ransomware and extortion operations are expected to retain pole position. While not a surprise, it bears repeating: Despite heightened awareness, government action and industry collaboration, ransomware is likely to remain one of the top threats to businesses globally. If anything, it has entered a new phase as threat actors adopt stronger pressure tactics and capitalize on opportunistic intrusion vectors, Accenture said.

Chaining vulnerabilities and more web shells, everywhere. Despite a sweeping executive order on cybersecurity, threat actors are expected to continue to take advantage of product and supply chain weaknesses for opportunistic intrusion vectors and enhanced persistence operations, Accenture said. Watch for the uptick in web shell activity to continue into the second half of the year.

Accenture’s Cyber Investigations, Forensics & Response (CIFR) midyear update is based on data collected from CIFR incident response engagements between January and June 2021, the company said.