Report Finds Communications and Tech Most Targeted Industries for Cyber Attacks

For years we’ve heard about the important steps businesses across industries must take to protect their intellectual property, employees, and customers' private and personal data from cyber criminals. But it seems as if every day these attacks are becoming more sophisticated, and finding ways to combat security risks remains a top concern.

In many industries, there are rules and regulations to help protect data and users and, for sectors like financial and insurance, these compliance measures are especially stringent. This is due to the fact that companies within these areas of business are likely to have more sensitive data stored. However, according to recent findings from Darktrace, a cyber security AI provider, that focus seems to be changing with IT and communications companies now key targets.

According to findings by Darktrace's security researchers, its artificial intelligence tools autonomously interrupted an average of 150,000 threats per week against this sector in 2021, this is in comparison to just one year ago in 2020 when the financial and insurance sectors were most frequently attacked.

The shift in focus by cybercriminals to MSPs, telecom providers, and software developers shows hackers are getting even more elaborate in their attacks as they move through backdoor entry attempts to destroy or corrupt data files, and begin ransomware attacks where they demand payments to release stolen files, and even withholding backups. Their goal with entering through software and developer platforms is to mask their break-in attempts as legitimate.

Unlike the usual “don't click on a strange link or email” protection step that’s been advised for years, these attacks come through as completely clean emails and from a trusted source, asking only for confirmation of sensitive data.

"Over the last 12 months, it is clear that attackers are relentlessly trying to access the networks of trusted suppliers in the IT and communications sector. Quite simply, it is a better return on investment than, for example, going after one company in the financial services sector. SolarWinds and Kaseya are just two well-known and recent examples of this. Sadly, there is likely to be more in the near term," commented Justin Fier, Darktrace Director for Cyber Intelligence and Analysis. 

Fier also noted that AI will play a key role in stopping these kinds of attacks as they continue to grow. 

"The reality is that attackers are patient and creative. They will usually go right through the front door by compromising trusted suppliers in the IT and communications industry. To downstream customers, it appears as business as usual and is just another application or piece of hardware from a trusted supplier," continued Fier. "There is no magic solution to finding attacks embedded in your software suppliers, so the real challenge for organizations will be to operate while accepting this risk. Getting a sense of what is normal for the software you are trusting will be paramount. AI is perfectly suited for this job; spotting the subtle changes presented by a piece of software that has been compromised will be key to fighting this problem in the future."

Edited by Luke Bellos