Vulnerable UK energy system among top targets for cybercriminals

Data shows the UK was the most attacked country in Europe, with the energy and finance sectors each receiving 16% of cyberattacks in 2022.

  • Wednesday, 22nd February 2023 Posted 1 year ago in by Phil Alsop

IBM Security has released its 2023 X-Force Threat Intelligence Index, which revealed that the UK’s energy industry was among the primary targets for cyberattacks for the second consecutive year, seeing 16% of all attacks. The UK was the top-attacked country in Europe, accounting for 43% of the attacks X-Force observed, followed by Germany (14%), Portugal (9%), Italy (8%) and France (7%).

 

With rising energy bills a key factor in the squeeze on UK consumer finances, the report highlights the threat of further pressure on an already vulnerable energy sector and the potential for data breach costs to trickle down to consumers through price rises. As many UK businesses strive to carefully manage costs, there is heightened risk of cybersecurity investment falling and vulnerabilities proliferating.

 

Cyber extortion threat grows across Europe

 

The most common impact from cyberattacks in 2022 was extortion, which was primarily achieved through ransomware or business email compromise attacks. With threat actors often seeking to exploit geopolitical tensions, the report found that Europe was the most targeted region for extortion in 2022. More than half of the cases X-Force observed in the UK involved extortion (57%) – twice the global average - followed by data theft (29%).

 

Backdoor deployments - malware that provides remote access - were the most common attacker action observed in the UK in 2022, comprising 18% of cases. Gaining backdoor access often precedes ransomware attacks, distributed denial of service (DDoS) attacks, and deployment of remote access tools, which were each involved in 14% of UK incidents.

 

Cybercriminals are overwhelmingly exploiting IT vulnerabilities in UK organisations to gain initial access. Last year, 50% of UK incidents — nearly twice the global average — were caused by the exploitation of vulnerabilities, highlighting the need for stronger vulnerability management programs, including better understanding of attack surfaces and risk-based prioritisation of patches.

 

Laurance Dine, Global Lead, IBM Security X-Force Incident Response said: “Extortion is a battle-tested technique that has grown even more pervasive than ransomware. It’s not only piling financial pressure on key UK sectors at a challenging time, but in many cases the burden is passed on to consumers in the form of price rises, exacerbating the cost of goods and utilities. Ultimately, attackers are always innovating and cyber-security strategies should be just as flexible and adaptable.”

 

Julian David, CEO, techUK said: “At a time of real economic uncertainty, this important report makes it clear that cyberattacks result in significant costs for organisations and citizens across the UK. The surge in extortion-based attacks is a real concern and it is critical that all UK organisations implement a flexible cyber strategy that encompasses people, process and technology. No out-of-the-box solution guards against these ever-changing and pervasive threats.”

 

James Sullivan, Director, Cyber Research, Royal United Services Institute (RUSI) said: “This report from IBM provides valuable evidence to show that cybercrime, in particular extortion from ransomware and BEC fraud, continues to impact the UK. If the UK’s aspiration for a ‘whole of society’ approach to cyber resilience is to be realised, how the country responds to cyber extortion over the coming years may be one way to bring the concept to life.”

 

The IBM Security X-Force Threat Intelligence Index tracks new and existing trends and attack patterns – pulling from billions of datapoints from network and endpoint devices, incident response engagements and other sources.

 

Globally, the 2023 IBM Security X Force Threat Intelligence Index also found:

 

Backdoor ‘profit equation’: A global uptick in backdoor deployments can be partially attributed to their high market value. Globally, X-Force observed threat actors selling existing backdoor access for as much as $10,000 – compare this to stolen credit card data, which sells for less than $10 per card today. This financial incentive has helped spur innovation from attackers.

Cybercriminals Weaponise Email Conversations. Thread hijacking saw a significant rise in 2022, with attackers using compromised email accounts to reply within ongoing conversations posing as the original participant. X-Force observed the rate of monthly attempts increase by 100% compared to 2021 data.

Legacy Exploits Still Doing the Job. The proportion of known exploits relative to vulnerabilities declined 10 percentage points from 2018 to 2022, due to the number of vulnerabilities hitting another record high in 2022. The findings indicate that legacy exploits enabled older malware infections such as WannaCry and Conficker to continue to exist and spread.