Cybersecurity service provider Orange Cyberdefense releases "Security Navigator 2023" security guide
Research report: Cyber extortion incidents occur frequently, 40% of which are caused by malware. Europe is the focus of attackers, with small and medium-sized enterprises, manufacturing and the public sector bearing the brunt.
Enterprises of all sizes are subject to attack risks, with incidents caused by malware accounting for 40% of all incidents handled by the CyberSOC (Detection and Response Operations Center);
More than 99,000 investigations revealed that the number of security incidents increased by 5% year-on-year, with an average of 34 security incidents per customer per month and at least 1 security incident per organization per day;
The location of cyber extortion victims changed significantly from 2021 to 2022, with a decrease in the number of victims in North America (US -8%, Canada -32%), but an increase in Europe (+18%), the UK (+21%), Northern Europe (+138%) and East Asia (+44%);
The report points out that small businesses in particular need to deal with the challenges posed by malware incidents (49%), while manufacturing is the industry most affected by cyber extortion, and public administrations mainly need to deal with crises caused by internal factors (66%);
Nearly half (47%) of all security incidents detected by CyberSOC resulted from intentional or unintentional actions by internal actors;
The "Security Navigator 2023" research report includes for the first time nearly 5 million pieces of anonymized proprietary data at the patch level of mobile devices to illustrate the differences between Android and iOS operating system vulnerabilities.
"Security Navigator 2023": The number of security incidents continues to rise, but the pace has slowed down
Recently, Orange Cyberdefense, a network security service provider under the Orange Group, released the annual security-oriented research report "Security Navigator 2023", which provides an in-depth analysis of 99,506 potential incidents investigated and classified by the CyberSOC team. The number of incidents increased by 5% compared to the 2022 report. While this year’s research report shows several promising signs that the pace of security incidents is slowing, there are still some factors that are causing global concern.
The report shows that although cyber attack and defense are achieving success in some areas, they still face many challenges. For example, it takes businesses an average of 215 days to fix reported vulnerabilities. Even in the face of critical vulnerabilities, it usually takes at least 6 months to fix them. Nearly 50% of all tests conducted by the Orange Cyberdefense ethical hacking team reported vulnerabilities as "critical" ("important" or "high concern").
Cyber extortion threatens businesses of all sizes around the world. "Security Navigator 2023" pointed out that 82% of cyber extortion victims are small businesses, an increase of 4% compared with last year.
During the outbreak of the Russian-Ukrainian conflict, the number of cyber crimes decreased significantly, but this phenomenon was only fleeting, while cyber extortion incidents increased significantly. In the past six months, the number of victims in East Asia and Southeast Asia has increased by 30% and 33% respectively.
Cyber extortion remains the dominant form of attack, but victim locations are shifting from North America to Europe, Asia and emerging markets
Ransomware and cyber extortion attacks remain the main threats facing organizations around the world at this stage, and Orange Cyberdefense World Watch threat alerts release relevant information regularly throughout the year. In March and April of 2022, the volume of ransomware-related news increased significantly due to the Lapsus$ campaign and the Conti data breach, as well as concerns raised by the Russia-Ukraine conflict. Meanwhile, 40% of incidents handled by CyberSOC involved malware.
In addition, victim locations also changed significantly. The number of cyber extortion victims fell by 8% in North America and 32% in Canada, but increased in Europe, Asia and emerging markets. From 2021 to 2022, the number of victims increased by 18% in the EU, 21% in the UK, 138% in Northern Europe, 44% in East Asia, and 21% in Latin America.
At the same time, the composition of active criminal groups has changed dramatically. Of the top 20 attackers observed in 2021, 14 have disappeared from the 2022 rankings. After Conti was disbanded in the second quarter of 2022, Lockbit2 and Lockbit3 orchestrated the largest cyber extortion incident in 2022, with a total of more than 900 victims.
Based on Orange Cyberdefense’s observations, most of the attackers are opportunists. For example, among the attackers being tracked, nearly 90% claimed that their attack targets were in the United States, more than 50% of them were in the United Kingdom, and more than 20% were in Japan. According to observation data from Orange Cyberdefense, Japan is one of the countries with the lowest number of victims.
• The impact of the Russia-Ukraine conflict
It is worth highlighting that in the first few weeks after the Russian-Ukrainian conflict broke out, Orange Cyberdefense observed a 50% reduction in cybercriminal activity against Polish customers. This is obviously a case where cybercriminals were distracted by the Russian-Ukrainian conflict and needed to regroup. Sure enough, the situation returned to normal within a few weeks.
SMEs, manufacturing and the public sector are particularly vulnerable
• SMEs
The "Security Navigator 2023" report pointed out that the number of small businesses suffering from cyber extortion is 4.5 times that of large and medium-sized enterprises combined, and the impact on large enterprises is more serious.
In 2022, SMEs reported 49% of the total number of confirmed incidents (2019: 10%, 2020: 24%, 2021: 35%), indicating that SMEs in particular need to deal with the threats posed by malware incidents. For SMBs with fewer than 500 employees, the average cost of a data breach is approximately $1.9 million. Therefore, such companies are likely to be at risk of bankruptcy due to this impact.
• Public sector organizations
Public sector organizations reported the fifth highest proportion of security incidents handled by CyberSOC. The public sector also accounts for the largest proportion of social engineering attacks reported in the Orange Cyberdefense database.
For most industries, the majority of incidents detected by Orange Cyberdefense are caused by internal actions, but for healthcare customers, 76% of incidents are caused by external actions, such as criminal hackers and APTs (state-sponsored threat actors).
• Manufacturing remains the most affected industry in terms of number of victims
Although the research results show that manufacturing ranks only fifth among the industries most willing to pay ransom, it is still the most affected industry in terms of the number of cyber extortion victims. The "Security Navigator 2023" report shows that criminals are disrupting "traditional" information technology systems rather than more professional operational technologies. At the same time, criminals attribute the large number of victims mainly to poor management of information technology vulnerabilities. According to Orange Cyberdefense data, it takes manufacturing companies an average of 232 days to fix reported vulnerabilities. In this dimension, manufacturing still ranks fifth.
Critical vulnerabilities persist and delays in fixing threaten security
According to the new Vulnerability Insights Database, researchers have confirmed that enterprise information technology systems continue to have serious vulnerabilities, with 47% of confirmed vulnerabilities rated as "important" or "high concern". Critical vulnerabilities will still take more than half a year (184 days) to fix, and other vulnerabilities may take even longer. At the same time, data shows that many vulnerabilities, even critical ones, will never be fixed.
Information technology vulnerabilities in the manufacturing industry took an average of 235 days to be repaired, compared with 215 days in other industries; in hospitals (health care and social assistance sector), information technology vulnerabilities took an average of 491 days to be repaired; and in the transportation sector, the average time to fix information technology vulnerabilities is 473 days.
Notably, the average time it took Orange Cyberdefense ethical hackers to discover a confirmed "critical" ("important" or "high concern") level vulnerability was 7.7 days.
Workforce Dilemma: Insider threat incidents outnumber external attacks in most industries, while open cybersecurity jobs go unfilled
An organization's employees are at the forefront of a company's defense, but they can also be its weakest link. The "Security Navigator 2023" report states:
For public administration, the majority of incidents handled by Orange Cyberdefense stem from intentional or unintentional actions by internal actors;
For manufacturing customers, 58% of incidents were classified as internal, while for transportation and warehousing customers, this number was as high as 64%.
The "Security Navigator 2023" report lists ways that higher levels of security monitoring can improve the effectiveness of controls, but this will undoubtedly produce more false positives and may put more pressure on security professionals. In Europe, the Middle East and Africa alone, there is an urgent need to fill more than 300,000 cybersecurity positions in the manufacturing industry.
Mobile Security: iOS vs. Android
Between September 2021 and September 2022, Orange Cyberdefense interacted with nearly 5 million mobile devices, and the "Security Navigator 2023" report includes dedicated patch data for these mobile devices for the first time. According to third-party research data, both iOS and Android systems have dealt with a large number of vulnerabilities in 2021, including: