industry unlocked
CONSTRUCTION AND TRANSPORTATION SECTORS MOST TARGETED BY CYBERCRIMINALS
ReliaQuest has launched its Annual Cyber Threat Report, revealing the latest risks to organisations and how to guard against them, and drawing attention to the construction sector as being the most targeted by cybercriminals. Mike McPherson, SVP of Technical Operations at ReliaQuest, offers his top tips for staying secure in an ever-evolving cyber landscape, but says there's no 'silver bullet' to protecting the construction sector.
ReliaQuest, a force multiplier of security operations, has unveiled its Annual Cyber Threat Report. The report is based on data from February 1, 2022, to February 1, 2023, a period in which it remediated 35,000 incidents affecting clients.
Key findings include:
• The construction sector (with an average of 226 incidents annually) is the most targeted by cybercriminals, closely followed by transportation (167), wholesale trade (138), manufacturing (116) and retailers (105). These sectors are highly vulnerable to outages, which may explain why they are more targeted by criminals.
• The most detected attack technique is the attempted exploitation of exposed remote services, such as Virtual Private Networks (VPNs) and remote desktop protocol (RDP).
• Initial Access Brokers (IABs) provide a route into the above. Compromised remote desktop protocol (RDP) access is the most commonly advertised on criminal forums, accounting for 24.4% of all listings, with an average price of US$1,000, though it can fetch up to US$2,700.
• Virtual Private Networks also allow attackers to gain access to organisations, and this access is commonly sold for an average of US$500. However, these prices can vary by vertical sector, with access to banking entities trading on average for US$5,500 and reaching as high as US$23,000.
• The most common risk alert type is credential exposure: ReliaQuest alerted its customers to over 3 million exposed credentials over the period. However, marked document exposure, open ports, impersonating domains and subdomains remain a significant issue, with approximately 400,000 incidents for each of these risk types remediated over the period.
• Ransomware remains the biggest risk facing business in 2023. LockBit is overwhelmingly the most active ransomware group, and its use of the SocGholish malware distribution framework is supercharging its efforts to gain access to networks.
The report reveals a close relationship between IAB listings and organisations subsequently falling victim to ransomware attacks. The manufacturing sector was the most targeted by IABs, with 142 listings advertised, and also the most claimed by ransomware groups, with 614 victims. Similarly, professional, scientific and technical services ranked second for both, with 136 IAB listings versus 464 victims claimed by ransomware groups.
A trend first observed in 2022 and carrying on in recent months is the use of the SocGholish (aka FakeUpdates) malware distribution framework. This common initial access method deceives individuals into downloading a fake web-browser update, which contains an archive file with an embedded SocGholish JavaScript payload. The use of SocGholish is helping criminals by providing a foothold for additional cybercrime groups to follow up after initial access is established.
Mike McPherson, SVP of Technical Operations at ReliaQuest, said: “Criminals are using any means at their