Cyber extortion remains a top threat, but its geographical reach is shifting, Orange Cyberdefense (OCD) found in the Security Navigator 2023, the latest edition of its annual report on the threat landscape, released on December 1, 2022.
The report shows that cyber extortion, a category designated ‘Cy-X’ by OCD represents the compromise of some assets from a corporate network for ransom and includes ransomware, ranks as the number one type of cyberattack.
Such attacks accounted for a large majority of the 29,291 incidents the report was able to confirm, Charl van der Walt, head of OCD’s Security Research Center and lead author of the report, told Infosecurity.
Cyber Extortion Surges in China
However, Van der Walt’s team saw a significant geographic shift in victims of cyber extortion.
“Large English-speaking countries have always been the most impacted by cyber extortion, primarily because of the size of their economy and the easy access their businesses offer to cyber-criminals,” Van der Walt recalled.
“More generally, we are convinced that victims’ geographics tracks GDP, with the exception of India, China and Japan due to language and cultural ‘barriers’,” he added.
While seven of the 10 countries with the most victims of extortion in the Security Navigator 2023 aligned with the world’s largest economies, many regions outside of the English-speaking regions are now being hit.
OCD reported US-based Cy-X volumes down 8% in the last 12 months and down 32% in Canada. The EU and the UK continued to see their cyber extortion victims grow by 18% and 21%.
The most significant growth, however, can be seen in Africa (+50%), the Middle East (+79%) and South Asia (+100%). China alone saw an increase of 182% in victims of Cy-X between 2021 and 2022.
Businesses’ Security Seems to Be Getting Better
The report also found that overall cyber incidents increased by 5% globally between 2021 and 2022. “This good news, as last year’s increase was higher (+13%),” Hugues Foulon, OCD’s CEO, stated during the launching event in Lyon on November 25, 2022.
According to Van der Walt, “it means that, by some measures, our clients' security seems to be getting better.”
The researcher claimed that this improvement can largely be attributed to “enhanced penetration testing and the growth in and increased sophistication of security tools such as endpoint detection and response (EDR) solutions.”
No tags.
