in Security

Darktrace reveals ICT is predominant cyber-attacker target

Posted 13 December 2021

Cambridge headquartered Darktrace today reported that information technology and communications (ICT) was the most targeted industry sector globally in 2021, as uncovered by Darktrace's security researchers.

Image copyright Shutterstock

Darktrace's data is developed by 'early indicator analysis' that looks at the breadcrumbs of potential cyber-attacks at several stages before they are attributed to any particular actor and before they escalate into a full-blown crisis. Darktrace's findings show that its artificial intelligence autonomously interrupted an average of 150,000 threats per week against the sector in 2021.

The IT and communications sector includes telecommunications providers, software developers, and managed security service providers, amongst others. Darktrace also defends several backup vendors and has observed a growing trend of hackers targeting backup servers in an attempt to deliberately disable or corrupt backup files by deleting a single index file that would render all backups inaccessible. Attackers could then launch ransomware attacks against the clients of the backup vendor, preventing recovery and forcing payment.

In 2020, the most attacked industry across Darktrace's global customer base was the financial and insurance sector, showing that cyber-criminals have shifted their focus over the last 12 months.  

"Over the last 12 months, it is clear that attackers are relentlessly trying to access the networks of trusted suppliers in the IT and communications sector. Quite simply, it is a better return on investment than, for example, going after one company in the financial services sector. SolarWinds and Kaseya are just two well-known and recent examples of this. Sadly, there is likely to be more in the near term," commented Justin Fier, Darktrace Director for Cyber Intelligence and Analysis.  

The findings of this research mark one year since the compromise of US software company SolarWinds rattled the security industry. This landmark supply-chain attack made thousands of organisations vulnerable to infiltration by inserting malicious code into the Orion system. Over the last 12 months, there has been a continued spate of attacks against the IT and communications sector, including the high-profile attacks on Kaseya and Gitlab.

Threat actors often use software and developer platforms as entry points into other high-value targets, including governments and authorities, large corporations and critical infrastructure. Darktrace found that the most common attempted break-in method was through email, with organisations in the sector receiving an average of 600 unique phishing campaigns a month in 2021.

Contrary to popular belief, the emails sent to these organisations did not contain a malicious payload hidden in a link or attachment. Instead, cyber-criminals used subtle and sophisticated techniques sending 'clean emails' containing only text attempting to coax recipients into replying and revealing sensitive information. This method is effective because, by compromising these email accounts, hackers can then exploit the trusted relationship between the software supplier and the intended targets.

These methods easily bypass legacy security tools that rely on checking links and attachments against blocklists and signatures. AI can stop these emails from reaching employees' inboxes by identifying the full range of anomalies, including even the most subtle indicators.

"The reality is that attackers are patient and creative. They will usually go right through the front door by compromising trusted suppliers in the IT and communications industry. To downstream customers, it appears as business as usual and is just another application or piece of hardware from a trusted supplier," continued Fier. "There is no magic solution to finding attacks embedded in your software suppliers, so the real challenge for organisations will be to operate while accepting this risk. Getting a sense of what is normal for the software you are trusting will be paramount. AI is perfectly suited for this job; spotting the subtle changes presented by a piece of software that has been compromised will be key to fighting this problem in the future."

 

 

 

Other Stories
Advertisement
Latest News

Catagen gets BEIS backing to accelerate bio-hydrogen production

Belfast based zero emissions and air quality technology company, Catagen, has been awarded a new grant by the UK’s Department for Business, Energy and Industrial Strategy (BEIS) funded through the Net Zero Innovation Portfolio

British Army kit advancing in step with new materials

Advances in technology are driving change when it comes to the clothing worn by British soldiers, so the next time you see one of our service personnel in uniform, be assured that from head-to-toe everything they are wearing is real high

QinetiQ wins $45m US Army contract

QinetiQ Group plc has won a contract worth $45 million to provide technical services to the US Army.

Space-Comm Expo to boost commercial space development

The UK's largest exhibition focused on the future of space for business, defence and aerospace, Space-Comm Expo, will further boost a global commercial space industry that is already growing exponentially, with over 130

Behind the scenes with the UK’s largest regional airline

If you have ever wondered what really happens in an airline beyond take-offs and landings, a new 10-part BBC series launching next Monday will offer an exclusive insight into the lives of the younger members of the team at Loganair, the

Smiths Detection and Block to develop non-contact chemical detection for US DoD

Smiths Detection Inc., alongside Block MEMS, LLC (Block), has been selected by The Defense Threat Reduction Agency (DTRA) and the Joint Program Executive Office for Chemical Biological Radiological Nuclear Defense to develop a

Schiebel
See us at
Future Arm Vehicles Power Systems BTAdvanced Engin BT2504031122DVD BT2704220922GlobalMilSatCom BT2006101122