Cyber security firm Vectra has published its latest analysis of cyber attacks from January to June this year, highlighting growing attention on the energy and manufacturing sectors (coming from botnets in the education sector).
The report looks at cyberattack detections and trends from a sample of over 250 opt-in enterprise customers using the AI-powered Vectra Cognito platform across nine different industries. This monitored and collected metadata from network traffic that supports more than 4 million devices and workloads deployed in the customer’s cloud, data centre and enterprise environments. By analyzing this metadata, the Vectra Cognito platform detected hidden attacker behaviours and identified business risks that enabled these organizations to avoid catastrophic data breaches.
Across all industries, there was an average of 2,354 attacker behaviour detections per 10,000 devices. This is a sharp increase in attacker behaviours from those reported in the previous report.
Energy (3,740 detections per 10,000 devices) and manufacturing (3,306 detections per 10,000 devices) displayed a large amount of detections primarily due to high levels of activity in both industries. Energy and manufacturing are also large adopters of industrial IoT and have integrated IT/OT networks.
Command-and-control (C&C) activity in higher education exceeds every other industry at 2,143 detections per 10,000 devices, and it continues to persist at three-times above the industry average of 725 per 10,000 devices. These early attack indicators usually precede other stages and are often associated with opportunistic botnet behaviours in higher education. Overall, education had the most attacker behaviours at 3,958 detections per 10,000.
The retail and healthcare industries have the lowest detection rates, with 1,190 and 1,361 detections per 10,000 devices, respectively.
Details are in the full report.