November 9, 2021 Innovation Post
Cyber attacks on the manufacturing sector are growing: + 46.9%, in a general context of increasing threats in every sector such that the overall economic damage caused globally exceeds 6% of world GDP. The Clusit 2021 report presented this morning during the Security Summit highlights a global emergency trend on the front of cyber attacks, not only for the increase in their number but also for their severity.
In fact, during the first half of 2021, serious attacks carried out for cybercrime purposes, that is to extort money from victims, increased by 21%, which today represent 88% of the total. Growth of 18% for attacks with an end to Information warfare, while those with cyber espionage fall by -36.7%. The latter category had peaked last year due to spying in the field of vaccines and anti Covid-19 treatments.
"For years we have been facing problems that by nature, gravity and size constantly go beyond the boundaries of ICT and Cyber Security itself and have profound, lasting and systemic impacts on every aspect of society, politics, economy and geopolitics. ”, Says Andrea Zapparoli Manzoni, co-author of the Clusit Report and member of the Clusit Steering Committee. “Today we find ourselves in an emergency situation that risks even worsening if the 45 billion that the PNRR has allocated, at various levels, for digitization are not really invested”.
Cyber threats, sectors in the crosshairs
Clusit analyzed twenty product sectors identified by Clusit analysts to understand which production areas were most targeted. It emerges that in all production areas there is a growth in threats:
Transportation / Storage: + 108.7%
Professional, Scientific, Technical: + 85.2%
News & Multimedia: + 65.2%
Wholesale / Retail: + 61.3%
Manufacturing: + 46.9%
Energy / Utilities: + 46.2%
Government: (+ 39.2%)
Arts / Entertainment: + 36.8%
Healthcare: + 18.8%
In contrast, attacks on the multiple target category decreased by 23.4%. For Clusit experts this is a wake-up call that criminals would be more oriented to launch attacks on individual targets.
The geographical distribution
In the first half of 2021, the data seems to have increased attacks on companies based in Europe, more than 10 percentage points compared to the same period last year. The numbers can be indicative, as explained by Gabriele Faggioli, president of Clusit and CEO of Digital360, of the greater number of public reports of events made mandatory by the GDPR.
The severity of the attacks
In the first half of 2021, severe attacks with very important and critical effects accounted for 74% of the total. In 2020 this percentage was 49%. 22% of the attacks analyzed were of significant impact, those with low impact only 4%.
The tools of attacks
The analysis revealed that the percentages relating to threats are:
• malware, 43% of the total attack techniques used, up 10.5% over last year.
• Unknown techniques, + 13.9% compared to the last six months of 2020.
• Known vulnerabilities, + 41.4%
• Phishing / Social Engineering -13%.
• Multiple techniques + 11.6%
• Denial of Service -42.9%
• Identity Theft / Account Hacking -29.5%.
Attacks on IoT tools
At the end of the presentation event of the Clusit report, the meeting "Internet of Things: Welcome to the Wild West" was held, curated by Luca Pesce of Sonicwall, an overview of the risks associated with the Internet of Things.
Security Summit IoT threats
Pesce stressed that "by 2025 there will probably be 75 billion IoT objects worldwide, one can imagine what the attack surface available could be" and that "there are a series of points that make IoT difficult to enter in the context of security ". These obstacles are:
• Certain IoTs are not considered as such until they are attacked
• IoT functionality is often considered a priority over security
• Reticence in reporting
Among the tips to cope with the situation, there are:
• Never use flat networks: segmentation is a very important pillar of network security.
• Firmware update.
• Apply firewall policies to the IoT.
• Monitor the situation closely, beware of Shadow IT.