Cyber-extortion gangs shifted their focus away from North America and Europe and towards Latin America and Asia during 2022, possibly influenced by Russia’s invasion of Ukraine, according to Orange Cyberdefense.
The security vendor compiled its Cy-Xplorer 2023 report from analysis of the 2100+ organizations worldwide that were publicly shamed as victims of cyber extortion last year – in other words, those who refused to pay a ransom and were posted to leak sites.
Read more on ransomware trends: Time Taken to Deploy Ransomware Drops 94%.
Although victims covered 96 different countries, some regions became more popular among threat actors over 2022.
The number of victims located in the US fell by 21% year-on-year in 2022, in Canada by 28%, in Europe by 2% and in Australia/New Zealand by 11%. In contrast, the volume of extortion victims in South-East Asia surged by 42% and in Latin America by 32% over the period.
Although there are still more victims overall in North America and Europe than other regions, the trends could tell a story of shifting priorities, according to Orange Cyberdefense.
This could be the result of several factors: western firms getting better at cyber-defense, less government scrutiny of cyber-extortion incidents in the newly targeted regions, and potential geopolitical factors.
On the latter, Orange Cyberdefense claimed that, while 74% of all extortion victims in 2022 were from NATO countries, this victim count “decreased noticeably” at the start of the war in Ukraine and continued to do so as the war progressed. Moreover, activity from pro-Russia threat actors did not noticeably increase the victim count in NATO countries.
Orange also claimed the war slowed down extortion activities overall and initially forced threat actors to regroup before continuing their attacks. In fact, overall victim counts decreased by 8% in 2022, although a fresh surge in Q1 2023 shows that threat actors are very much back up and running.
“Whilst 2022 witnessed a slowdown in the growth of attacks, we can see from Q1 that it’s not the time to become complacent. Our research shows that industry and government collaboration is the key to driving down malicious cyber activity, as Cy-X is not a problem that businesses can solve on their own,” argued Hugues Foulon, CEO at Orange Cyberdefense.
“We are yet to see the true impact of geopolitical events such as the Ukraine war in cyberspace, but increased initiatives being put in place at a government level are essential if we are to tackle the ever-present risks posed by threat actors.”