The report, compiled from the analysis of data from Cisco Umbrella, found that the biggest threats faced by various industries such as Manufacturing, Healthcare, Technology, Finance, Higher Education and Management in 2020 are phishing, trojan horse attacks, cryptocurrency mining and ransomware.
Taking advantage of the disruptions created by the COVID-19 pandemic, cybercriminals are targeting companies and organizations in different industries with increasingly sophisticated malware attacks. Some of these are based on deceiving the user, while others steal important information by installing malicious programs on computers. However, in order to prepare an organization for future threats, it is necessary to first understand what the potential dangers are. Fortunately, Cisco identified the biggest malware threats affecting industries in 2020 in its DNS Security report. This research was based on a comprehensive analysis of malicious DNS activity and threats from January to December last year.
The purpose of the report was to shed light on the key trends businesses in different industries may face in 2021, so that they can take the right action to protect companies and customers. The report, compiled from the analysis of data from Cisco Umbrella, Cisco's cloud-based network security platform, found that the biggest threats faced by various industries such as Manufacturing, Healthcare, Technology, Finance, Higher Education and Management in 2020 are phishing, trojan horse attacks, cryptocurrency mining and ransomware.
By doing this type of research, Cisco aims to raise awareness of cyberattacks so that companies are better informed to protect their employees, consumers and other stakeholders from advanced malware. These findings are based on an annual comparison of DNS traffic to malicious sites by industry.
Technology
The most common type of malicious DNS activity in the technology sector was cryptocurrency mining, which was the source of 58 percent of the traffic. In fact, technology has the highest incidence of cryptocurrency mining among the industry sectors studied. While this can be attributed to malicious actors, it is also possible that, as interest in cryptocurrencies grows, employees installing mining software on company computers triggered DNS blocks in Umbrella and, in doing so, violated the company's security policies.
Cryptocurrency mining was followed by phishing, which accounted for 22% of traffic in the industry. The tech sector also saw the second-highest increase in ransomware traffic of 6%, primarily attacks using Sodinokibi and Ryuk. Trojan activity involving Emotet and Trickbot, which are used to deploy Ryuk, was also high at 5%.
Financial Services
Phishing generated the highest malicious DNS traffic in the financial services industry, at 46 percent. This industry faced 60 percent more phishing cases than its closest follower, the higher education industry. Financial services can be an attractive phishing target simply because of their proximity to money. The fact that information theft threats are seen more in this sector than in any other supports this theory. With 2 percent, the industry faced five times more traffic in this area than any other industry. Financial services suffered the second highest traffic in a number of categories, including trojan (31 percent), botnet (2 percent), and remote access trojan (RAT) (2 percent).
Healthcare
Healthcare organizations suffered more trojan attacks (46 percent) and more dropper attacks (2 percent) than any other industry. The main reason for the trojan-based activity was Emotet. Cisco's research found that seven out of every ten trojan horse attacks seen in the healthcare industry are Emotet. With Trickbot added, the two accounted for 83 percent of all trojan horse traffic. Phishing attacks were the second highest category with 29 percent of cases, while ransomware was found to be a significant threat with 2 percent. Ryuk, considered to be associated with the high activity around Emotet, was found to be particularly active. The healthcare industry narrowly missed second place in overall DNS traffic, by a difference of just 1.5 percent.
Manufacturing
Cryptocurrency mining had a very high share, accounting for 48 percent of traffic in the manufacturing sector. The number of endpoints used in cryptocurrency mining in the manufacturing sector was almost three times higher. As a result, Cisco researchers concluded that more machines generated less DNS activity because the endpoints were less powerful than those in the technology sector. Many of these compromised machines are used in the manufacturing process itself or in conjunction with the Internet of Things (IoT).