This analysis is based on multiple open sources and on statistics for UK cyber incidents published by the Information Commissioner's Office (ICO), which date back to 2019.
The most recent ICO incident statistics cover the quarter April to June 2022. During this quarter the following key trends were observed:
There were a record number of attacks against Transport & Leisure sector in the quarter, an almost 40% increase on the quarterly average
It's believed this increase was partly due to the LockBit ransomware gang targeting the transport sector during the quarter.
The Healthcare sector also saw an increase in the number of cyber-attacks, although the cause of almost 80% of these incidents was reportedly 'hardware or software misconfiguration', so it's possible the increase was mainly due to human error rather than direct attacks.
Retail and manufacturing were the most targeted sectors in the quarter. This is consistent with every quarter since the UK incident statistics began in 2019.
One sector where there was a significant decrease in incidents was Finance, Insurance and Credit; the number of incidents in the quarter was almost 50% down on the average quarterly number of incidents for this sector.
It's difficult to say exactly why there was such a large drop in cyber incidents in Finance, Insurance and Credit, and the real reason is likely to be multifaceted, but could include:
- Finance, Insurance and Credit is the sector that possibly has the most sophisticated cyber defences in place, due to its attractiveness as a target to cyber criminals
- Because of this, cyber criminals may be actively targeting other sectors instead, and any attacks against financial targets are likely to be less effective because of these defences
Many ransomware gangs operate so-called 'double extortion' attacks, where they:
- Lock down the network of the victim company so that it is unable to use its IT systems, and
- Threaten to leak sensitive data stolen from the victim, the idea being to pressure the victim into paying to prevent reputational damage, especially if the victim has already restored its network from back-ups and other systems
The LockBit ransomware gang is aiming to introduce 'triple extortion' attacks:
- Lock down the network
- Leak sensitive data
- Conduct Distributed Denial of Service (DDoS) attacks. These would probably be directed against the victim's website to further pressure the victim into paying, especially if the attack took the website and its associated services offline.
In summer 2022, a UK law firm suffered a ransomware attack. In early 2022 the same firm had posted on its website about achieving the National Cyber Security Centre's (NCSC) 'Cyber Essentials +' certification.
By achieving CE+, the firm will have had both an internal and an external test of its network for potential vulnerabilities. A ransomware attack against a firm with CE+ shows that even organisations with sophisticated cyber defences can still be compromised by cyber criminals.
In 2021 there was a large increase in ransomware attacks against UK organisations, with the peak being 219 ransomware attacks in the quarter July to September 2021. Since then, ransomware incidents have decreased both in the UK and in the rest of the world, but attack numbers are still elevated when compared with pre-2020 statistics.
Over the past few quarters, including April to June 2022, ransomware has made up almost one third of all UK incidents. This shows that ransomware remains a persistent threat despite the decrease in the number of attacks.
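The sector comparisons above (a quarter's incident count against the sector's quarterly average, a record quarter, the misconfiguration share in Healthcare) and the ransomware share in this final paragraph all come from the same kind of calculation over the ICO's aggregated incident tables. The following Python is an added example, not part of the original analysis and not the ICO's own tooling: it reproduces those calculations over a small set of constructed, illustrative rows (the figures are invented, not real ICO numbers). It assumes an aggregated row format of sector, quarter, incident type, reported cause and count, and it takes the 'quarterly average' to be the mean over every quarter present in the data, the current quarter included, since the analysis above does not state how its baseline is computed.

```python
from collections import defaultdict
from statistics import mean

# Constructed, illustrative rows in an assumed ICO-style aggregated format.
# Columns: sector, quarter, incident type, reported cause, number of incidents.
# These values are invented for the example and are NOT real ICO figures.
SAMPLE_ROWS = [
    ("Transport & Leisure", "2021-Q3", "Ransomware", "Attack", 4),
    ("Transport & Leisure", "2021-Q3", "Phishing", "Attack", 6),
    ("Transport & Leisure", "2021-Q4", "Ransomware", "Attack", 3),
    ("Transport & Leisure", "2021-Q4", "Phishing", "Attack", 7),
    ("Transport & Leisure", "2022-Q1", "Ransomware", "Attack", 2),
    ("Transport & Leisure", "2022-Q1", "Phishing", "Attack", 8),
    ("Transport & Leisure", "2022-Q2", "Ransomware", "Attack", 9),
    ("Transport & Leisure", "2022-Q2", "Phishing", "Attack", 5),
    ("Health", "2022-Q1", "Ransomware", "Attack", 5),
    ("Health", "2022-Q1", "Unauthorised access", "Misconfiguration", 5),
    ("Health", "2022-Q2", "Ransomware", "Attack", 3),
    ("Health", "2022-Q2", "Unauthorised access", "Misconfiguration", 12),
    ("Finance, Insurance and Credit", "2021-Q3", "Ransomware", "Attack", 10),
    ("Finance, Insurance and Credit", "2021-Q4", "Ransomware", "Attack", 10),
    ("Finance, Insurance and Credit", "2022-Q1", "Phishing", "Attack", 10),
    ("Finance, Insurance and Credit", "2022-Q2", "Phishing", "Attack", 5),
]


def sector_quarter_totals(rows):
    """Sum the aggregated rows into {sector: {quarter: total incidents}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for sector, quarter, _itype, _cause, n in rows:
        totals[sector][quarter] += n
    return totals


def sector_trend(rows, sector, quarter):
    """Compare one quarter with the sector's quarterly average.

    Baseline assumption: the mean over every quarter present for the sector,
    including the quarter being assessed. 'is_record' is true when the quarter
    exceeds every other quarter on file for that sector.
    """
    by_quarter = sector_quarter_totals(rows)[sector]
    current = by_quarter[quarter]
    baseline = mean(by_quarter.values())
    others = [v for q, v in by_quarter.items() if q != quarter]
    return {
        "count": current,
        "average": baseline,
        "pct_vs_average": round(100.0 * (current - baseline) / baseline, 1),
        "is_record": current > max(others, default=0),
    }


def share(rows, quarter, sector=None, incident_type=None, cause=None):
    """Fraction of a quarter's incidents (optionally within one sector) that
    match the given incident type and/or reported cause."""
    numerator = denominator = 0
    for s, q, itype, c, n in rows:
        if q != quarter or (sector is not None and s != sector):
            continue
        denominator += n
        if (incident_type is None or itype == incident_type) and (
            cause is None or c == cause
        ):
            numerator += n
    return numerator / denominator if denominator else 0.0


def most_targeted(rows, quarter):
    """Sector with the highest total number of incidents in the quarter."""
    totals = sector_quarter_totals(rows)
    return max(totals, key=lambda s: totals[s].get(quarter, 0))


if __name__ == "__main__":
    q = "2022-Q2"
    for sector in ("Transport & Leisure", "Health", "Finance, Insurance and Credit"):
        print(sector, sector_trend(SAMPLE_ROWS, sector, q))
    print("Most targeted:", most_targeted(SAMPLE_ROWS, q))
    print("Ransomware share:", round(share(SAMPLE_ROWS, q, incident_type="Ransomware"), 3))
    print("Health misconfiguration share:",
          share(SAMPLE_ROWS, q, sector="Health", cause="Misconfiguration"))
```

With real ICO tables the only work is loading the rows; the percentage-against-average figure is sensitive to the baseline choice (all quarters versus prior quarters only), so a report should state which one it uses before quoting a "40% increase".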