Cryptomining, credential theft & data exfiltration: Cyber threats in 2022

Image via Pixabay

On January 12, cyberthreat reports were released regarding the energy, healthcare and retail sectors. These reports, released by Darktrace, revealed global 2022 attack data.

Energy sector

The energy sector report reveals that illegal cryptomining threats, whereby bad actors steal energy and processing power from other devices and networks, are on the rise across the industry. Notable findings include:

High-priority cryptomining accounted for 13 times more of all observed cyber incidents in the U.K. energy sector in 2022 compared to 2021.
High-priority cryptomining accounted for three times more of all observed cyber incidents in the U.S. energy sector in 2022 compared to 2021.

The report divulges two cryptomining threat finds from a European and U.S. energy organization respectively. In the former case, attackers were caught attempting to mass pool cryptomining capabilities using five internal servers at the organization.

Retail sector

As online shopping remains popular, the retail sector report reveals that over the course of 2022, criminals increasingly turned toward credential theft, spoofing and stuffing to target this multi-billion-dollar industry's online infrastructure. Notably:

Credential theft, spoofing and stuffing accounted for over 170% more of all observed cyber incidents in the U.S. retail sector, over 14% in the U.K. retail sector, and over 70% in the Australian retail sector in 2022 compared to 2021.

One threat found in the report from August 2022 details the discovery of an attack tool present inside the network of a U.K. automotive retailer. One of its devices had become infected with malware.

Healthcare sector

Hospitals and other healthcare organizations are extremely rich data sources from which attackers can make a profit by selling patient information such as medical records, credit cards or banking details. The healthcare sector report revealed:

Data exfiltration was one of the top three observed threats faced by healthcare providers globally, with organizations in the U.K. and Australia suffering an increased volume in 2022.
The most common attack type observed across healthcare globally in 2022 was suspicious network scanning, a form of intelligence gathering which often constitutes the initial phase of a cyberattack. The second-most common attack type observed was multiple lateral movement model breaches.

The report details a threat faced by a U.S. healthcare provider in which a malicious PowerShell script was discovered to be deployed on one of the organization's internal servers, an attempt to give bad actors remote control over the target network.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

A head of state needs heart surgery at your facility. High-profile members of a national sports team are getting updated vaccinations. What do you do when you get the call?