CIO Influence

Industries Under Siege: The Rising Threat of Cyberattacks in 2024


Industries are the backbone of global economies, driving innovation, creating jobs, and fostering prosperity. However, they are increasingly vulnerable to cyberattacks, which threaten economic stability and national security. These attacks can disrupt production, supply chains, and livelihoods, leading to economic instability and job losses. They also pose significant risks to essential services and national defense capabilities.

In the first half of 2024, there was a notable increase in cyberattacks targeting specific sectors. According to Critical Start’s biannual Threat Intelligence Report, the most impacted sectors were Manufacturing and Industrial Products; Professional Services; Engineering and Construction; Technology; and Healthcare and Life Sciences. The report analyzes the cybersecurity landscape of H1 2024, highlighting the most prevalent exploit tools, prominent malware families, and common attacker tactics used against these five industries. These attacks often exploit supply chain vulnerabilities and interconnected systems to gain unauthorized access. Understanding how cybercriminals operate and which industries are most vulnerable will enable organizations to educate themselves, proactively prepare for future attacks, and increase overall cyber resilience.


Manufacturing: A Prime Target

Critical Start’s Threat Intelligence Report found that manufacturing and industrial products remained the top targeted industries by cyber threat actors, with 377 confirmed reports of ransomware and database leak hits in H1 2024. The most common tactics, techniques, and procedures used by threat actors in the sector were spearphishing attachments, exploitation of remote services, and public-facing applications. For instance, in June 2024, Crown Equipment Corporation, a leading global manufacturer of material handling equipment, disclosed that it had been targeted by a cyberattack. This incident disrupted the company’s manufacturing operations, requiring a temporary suspension of production and impacting its publicly accessible website.

Professional Services: A Treasure Trove for Cybercriminals

Professional services, including consulting, legal and accounting services, advertising and marketing, and other B2B services, have become prime targets for database leaks and ransomware attacks due to their abundance of intellectual property and sensitive data. Compared to 2023, these incidents jumped by 15%, with 351 cases reported in 2024 compared to 334 in the previous year. These campaigns are mainly executed via spearphishing attachments and external remote services.

Healthcare and Life Sciences: A Growing Concern

Healthcare and life sciences entities saw a 180% increase in ransomware and database leak incidents targeting them in February 2024 compared to the previous year. February, April, and May saw the most attacks, collectively accounting for 63.68% of all incidents. Healthcare and life sciences organizations based in the U.S. were the most impacted, with 68.66% of all incidents. Bad actors frequently gained initial access to networks via supply chain compromises and valid accounts.

Engineering and Construction: Consistent Targets

Engineering and construction remained consistent targets for cyberattacks in the first half of both 2023 and 2024. The U.S. experienced a staggering 46.15% increase in cyberattacks in the first half of 2024 compared to 2023. Even more concerning, four organizations within the United States were hit with repeat attacks, sometimes by different cybercriminals. This highlights the importance of threat intelligence knowledge sharing to understand weaknesses and mitigate cyber risks.

Technology: Fewer Attacks, Higher Stakes

The report found a 12.75% decrease from H1 2023 in database leaks and ransomware attacks targeting technology companies. While technology companies appear to be experiencing fewer attacks, cybercriminals are strategically targeting critical technologies that underpin major economic industries. For instance, auto dealerships experienced significant sales disruptions following the CDK Global cyberattack in June. The ransomware attack led to a nationwide shutdown of systems, affecting approximately 15,000 CDK retail locations. This incident caused significant disruptions in supply chain operations, as auto dealers depend on CDK Global’s software for vehicle acquisition, financing, repairs, and maintenance tracking.


Emerging Threats and Concerns

The first half of 2024 witnessed a worrying surge of 15% in reported database leaks and ransomware attacks compared to 2023. Phishing techniques were the most prevalent tactic used by malicious actors, accounting for nearly 60% of assessed instances. Cybercriminals frequently sent multiple malicious links to potentially enhance success rates, evaluate an individual's susceptibility, or sustain pressure.

Business Email Compromise (BEC) attacks remain a top cybersecurity concern for businesses in 2024. These attacks leverage social engineering tactics to manipulate employees into handing over sensitive information or authorizing fraudulent transactions. In 2023 alone, BEC attacks accounted for $2.9 billion in losses. Previously focused on large corporations, BEC scammers are now targeting smaller, less cybersecurity-conscious businesses.

Deepfakes, cleverly manipulated audio and video content designed to appear real, are a major social engineering weapon for cybercriminals. The report shows a surge in deepfake attacks, with a 3,000% increase in fraud attempts in 202 and an estimated global financial impact of $1 trillion in 2024. Social media further amplifies these dangers, as deepfakes can spread easily on these platforms, potentially causing significant losses for companies and fostering societal unrest.

Open-source code repositories, a cornerstone of collaboration in the developer world, are also becoming targets for malicious activity. In 2024, attackers are increasingly using these repositories to launch repo confusion attacks and supply chain attacks. Repo confusion attacks involve creating fake copies of popular repositories on platforms like GitHub. Supply chain attacks target the open-source software supply chain itself, compromising legitimate projects and injecting malicious code.

Best Practices to Strengthen Cyber Defenses

In the ever-evolving cybersecurity landscape, organizations face increasingly sophisticated threats. While compliance frameworks generally remain consistent, the specific evidence required to demonstrate compliance evolves. This underscores the importance of flexible security strategies that extend beyond simply following static frameworks.

Fostering a robust security culture is essential. Each person in an organization shares the responsibility for safeguarding their platform and internal network. Educating and training users is crucial, including regularly conducted phishing tests and security training sessions. By teaching employees to recognize and report suspicious messages or activities, organizations can establish a sustainable method for enhancing security. These training sessions should help employees grasp their role within the larger security framework, making best practices a natural part of their routine.

Technical measures are equally important. Using Endpoint Detection and Response (EDR), Managed Detection and Response (MDR), and patch management solutions will ensure comprehensive coverage for quickly identifying and addressing vulnerabilities. Most successful attacks exploit older, known vulnerabilities that could have been avoided with timely patching. Organizations should prioritize updating third-party applications within a month of their release.


Collaborating with internal and external peers to share threat intelligence findings will help enhance everyone’s defenses. Cybersecurity is an ongoing process, and by continuously educating themselves and assessing and improving their security posture, organizations can stay ahead of cybercriminals and safeguard their critical data.
