Key targets
The Crowdstrike report detailed some of the global patterns for attack prevalence.
“Entities in Europe are more than twice as likely to be targeted than entities in the Asia Pacific and Japan region,” the report said, adding that the European Union’s GDPR is one of the reasons. “Threat actors have leveraged GDPR data breach penalties to pressure victims into paying ransoms. Several threat actors have threatened to report entities for regulatory noncompliance via their data leak sites, in ransom notes, or during negotiations.”
The report highlighted various statistical attack patterns, including the most targeted verticals (manufacturing, professional services, technology, industrials and engineering, and retail) and the most popular attack methods, including, it said, “Dumping credentials from backup and restore configuration databases, which often store credentials used to access hypervisor infrastructure; remotely encrypting files, executing ransomware, often from an unmanaged system, and running the file encryption process outside of the targeted system; leveraging access to unmanaged systems to steal data and deploy ransomware; and deploying Linux ransomware on VMware ESXi infrastructure.”
