Ransomware-related data leaks nearly doubled in 2021: report


According to endpoint security firm CrowdStrike’s 2022 Global Threat Report, released Tuesday, 2021 saw a significant increase in ransomware-related data leaks and interactive intrusions.

The number of ransomware attacks resulting in data leaks increased from 1,474 in 2020 to 2,686 in 2021, an 82% increase. The sectors most affected by data breaches in 2021 were industrials and engineering, manufacturing and technology.

“The growth and impact of [big game hunting] in 2021 was noticeable in all sectors and in almost all regions of the world. Although some attackers and ransomware went out of business in 2021, the total number of ransomware families in operation increased,” CrowdStrike said in its report.

For interactive intrusion attempts involving manual keyboard activity, CrowdStrike saw a 45% increase in 2021, with 62% of attacks involving no malware and only manual activity. Almost half of interactive intrusion attempts were carried out by for-profit cybercriminals – the cybersecurity firm calls it eCrime activity.

For these eCrime attacks, the average breakout time – the time it took the attacker to move laterally from the originally compromised system to another host within the victim’s network – was 1 hour and 38 minutes.

CrowdStrike added 21 new named attackers to its database over the past year, and the company now tracks more than 170 threat groups in total.

The company’s report highlights disruptive Iran-related operations in which threat actors and activity clusters employ “lock-and-leak” tactics to target organizations in the United States, Israel and the MENA region.

“Lock-and-leak operations are characterized by criminal or hacktivist fronts that use ransomware to encrypt target networks and then leak victim information through actor-controlled personas or entities,” CrowdStrike explained. “Because they operate inauthentically as a criminal or hacktivist entity, these types of operations conduct activities under a cloak of denial. By using dedicated leak sites, social media and chat platforms, these actors are able to amplify data leaks and behavior [information operations] against target countries.”

The report also highlights China-related activities, calling China a “leader in exploiting vulnerabilities.” The number of new vulnerabilities exploited by Chinese threat actors in 2021 was 12, six times higher than in 2020.

While it is not uncommon for Chinese threat actors to develop exploits for their targeted attacks, they have typically leveraged exploits that require user interaction, such as opening malicious documents or accessing websites hosting malicious code. In 2021, however, they appeared to be shifting focus to security vulnerabilities affecting internet-enabled devices or services.

The full 2022 Global Threat Report (PDF) is available on CrowdStrike’s website.


Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a journalism career as a security news reporter at Softpedia. Eduard has a bachelor’s degree in industrial computer science and a master’s degree in computer techniques applied in electrical engineering.
