Top 3 Cyber Intrusion Trends: Accenture Research

Accenture's mid-year update of its Cyber Investigations, Forensics & Response (CIFR) report shows the volume of cyber intrusion activity globally jumped 125% in the first half of 2021 compared with the same period last year, highlighting three major trends:

1. Volume of cyberattacks continues to trend upward: In the first half of the year, according to the report, there’s been no slowdown of cyberattacks as global incident volume continues to trend upward. With a 125% increase in incident volume year-over-year, the impact was observed for almost every industry and geography, according to Accenture. The report said this trend was primarily driven by a global uptick in web shell activity by way of nation-state and cybercriminal actors, targeted ransomware and extortion operations and supply chain intrusions.

2. Certain industries and geographies are being disproportionately impacted: The report noted that five industries in particular comprised more than 60% of total intrusion volume: consumer goods and services (21%), industrial (16%), banking (10%), travel and hospitality (9%) and insurance (8%). The industry targeted most often by ransomware operators was insurance, accounting for 23% of ransomware attacks, followed by consumer goods & services (17%) and telecommunications (16%). The United States was the most impacted geography, according to the report, with 36% of incident volume, followed by the U.K. (24%) and Australia (11%).

3. Ransomware and extortion remain the top threat: Ransomware and extortion operations continue to reign supreme as the top malware category (38%) observed and are the second-highest incident type (29%) by volume, the report stated.

Consistent with 2020's results, the REvil/Sodinokibi ransomware variant was the most commonly observed at 25% and the threat group using Hades ransomware was also active in the first half of the year. In addition, Accenture found, more than 70% of ransomware and extortion victims were U.S. companies with more than $1 billion in revenues. Companies with annual revenues between USD$1 billion and USD$9.9 billion accounted for more than half (54%) of ransomware and extortion victims, followed by companies with annual revenues between USD$10 billion and USD$20 billion (20%), the report found.

Accenture Cyber Intrusion and Malware Trends

Accenture also reported among the key findings that the top five malware variants observed thus far in 2021 were:

1. Backdoors, which allow a threat actor to bypass normal authentication channels and interactively issue commands to a system (i.e., remote access). Examples include the ubiquitous Cobalt Strike BEACON, SUNBURST and China Chopper, according to the report.

2. Credential Stealers are typically designed to obtain credentials with functionality beyond basic keylogging, the report stated. This could include usernames, passwords, keys, tokens, etc. Examples include Mimikatz, KeeThief, XLoader and Collector Stealer, Accenture said.

3. Droppers and Launchers can facilitate the delivery, unpacking and installation of malware, as well as launch (i.e., execute or load) files. Examples include TEARDROP, jRAT and Mosquito, according to the report.

4. Ransomware is designed to encrypt data or drives in order to extort payment from victims. Examples include REvil/Sodinokibi, Hades, Ryuk and Netwalker, according to the report.

5. Other includes items such as commodity malware, spyware, loggers, miners and downloaders that don’t include backdoor, dropper or credential stealer as a primary function. Examples include Emotet, TrickBot and XMRig, Accenture said.

About the CIFR Data and Report

Accenture is a Top 250 MSSP (according to MSSP Alert) and a Top 250 Public Cloud MSP (according to ChannelE2E).

Accenture’s Cyber Investigations, Forensics & Response (CIFR) report and mid-year update is based on data collected from the company's CIFR incident response engagements between January and June 2021, the company said. To access the CIFR mid-year update, visit Accenture's blog here: Triple digit increase in cyberattacks: What next?