Cyber extortion surges to record highs in 2023: Orange Cyberdefense report

Orange Cyberdefense, the cybersecurity specialist arm of Orange, has unveiled its annual security research report, the Security Navigator 2024. The report, a comprehensive analysis of global cybersecurity trends, highlights a surge in security incidents and the alarming rise of cyber extortion cases worldwide.

here are some key finding from the survey:

Record Cyber Extortion Victims:

• The report reveals a staggering 46% increase in Cyber Extortion victims globally in 2023, marking the highest number ever recorded.
• Large enterprises bore the brunt, accounting for 40% of the attacks, while small organizations and medium-sized businesses constituted 25% and 23%, respectively.
• Cl0p, a prominent threat actor, exploited two major vulnerabilities, contributing significantly to the surge.

Geopolitical Impact on Cyber Threats:

• A shift in threat actor motivations is observed, with an increase in politically or ideologically motivated attacks, including espionage, sabotage, disinformation, and extortion.
• The war against Ukraine saw a substantial rise in hacktivist attacks, with Europe being the most impacted region, followed by North America and the Middle East.

Evolution of Hacktivism:

• The report notes a significant increase in hacktivist activity supporting political or social causes, with a focus on the war against Ukraine.
• Europe experienced 85% of all hacktivist attacks in 2023, reflecting a geopolitical correlation.

Cognitive Attacks and Perception Shaping:

• A shift towards ‘cognitive’ attacks is observed, where the impact is not solely on the disrupted systems but on societal perception.
• Cyber events are increasingly linked to physical events, leading to an escalation of geopolitical tensions.

Hacking Dominates Security Incidents:

• The VERIS framework identifies ‘Hacking’ as the most detected security incident, accounting for 30.32% of confirmed incidents.
• Malware slips to third place (12.98%), while ‘Misuse’ claims the second spot (16.61%).

Internal vs. External Threats:

• Internal actors contribute to 37.45% of detected incidents, with external actors making up 43.6%.
• End user devices (27.7%) and servers (27.34%) are the most impacted assets.

Client Maturity and Detection Efficiency:

• There is a strong correlation between client maturity and detection efficiency, with mature clients showing four times higher efficiency.
• Mature clients provide more feedback, facilitating intelligent tuning and improved detection efficiency.

Hugues Foulon, CEO of Orange Cyberdefense, commented, “This year’s report underlines the unpredictable environment we face today, and we see our teams working harder than ever as the number of detected incidents continues to increase. Together, with our customers, we are pursuing an unwavering policy of awareness and support for our increasingly interconnected world.”

The Security Navigator 2024 emphasises the need for organisations to understand the evolving threat landscape and take proactive measures to reduce the risk of exposure. As cyber threats become more sophisticated, collaboration and strategic cybersecurity planning are crucial for safeguarding businesses and individuals in this dynamic digital landscape.