Cyber-attacks on critical infrastructure by nation-state bad actors have increased significantly and India observed a 70 per cent increase in ransomware activity in the fourth quarter (Q4) of 2021, a new report said on 27 April.
According to the report by cybersecurity company Trellix, over half of adversarial advanced persistent threat actor activity originated from Russian and Chinese backed groups and Russian-backed groups like APT29 have continued to greatly increase their activity in 2022.
Reports surfaced last week that a Russian malware planted from a server in Nigeria was used for a cyber attack on Oil India’s (OIL) system in Assam.
The state-owned company had suffered a major cyber-attack in its field headquarters in eastern Assam’s Duliajan, with the hacker demanding $75,00,000.
The report found a significant 73 per cent increase in cyber incidents targeting individuals and positioned people as the top attack sector in Q4 2021.
Individual consumers are the top target of cybercriminals, closely followed by the healthcare vertical.
Additionally, the transportation, shipping, manufacturing and information technology industries showed a sharp increase in threats.
“We are at a critical juncture in cybersecurity and observing increasingly hostile behaviour across an ever-expanding attack surface,” said Christiaan Beek, lead scientist and principal engineer, Trellix Threat Labs.
The fourth quarter signalled the shift out of a two-year pandemic which cybercriminals used for profit and “saw the Log4Shell vulnerability impact hundreds of millions of devices, only to continue cyber momentum in the new year where we’ve seen an escalation of international cyber activity,” he added.
Transportation and shipping were the target of 27 per cent of all advanced persistent threat (APT) — activity by adversarial and stealthy actors — detections.
Healthcare was the second most targeted sector, bearing 12 per cent of total detections.
From Q3 to Q4 2021, threats to manufacturing increased 100 per cent, and threats to information technology increased 36 per cent, said the report.
APT29, believed to conduct operations for Russian government entities, ranked most active among nation-state groups.
Malware was the technique used most often, accounting for 46 per cent of total cyber incidents.