Cyber intrusion activity volume jumped 125% in H1 2021

The volume of cyber intrusion activity globally jumped 125% in the first half of 2021 compared with the same period last year, according to the Cyber Investigations, Forensics & Response (CIFR) mid-year update from Accenture.

Cyber intrusion activity volume increase driven by web shell activity

The triple-digit increase (125%) was driven primarily by web shell activity ― i.e., the use of small pieces of malicious code to gain remote access and control ― targeted ransomware and extortion operations, and supply chain intrusions.

Three countries accounted for more than 70% of the incident volume observed by the CIFR team. The U.S. was the most targeted country, accounting for 36% of incident volume, followed by the U.K. (24%) and Australia (11%).

From an industry perspective, consumer goods & services was targeted the most often, accounting for 21% of cyberattacks, followed by the industrial/manufacturing, banking, and travel & hospitality industries, at 16%, 10% and 9%, respectively.

“Many organizations today are only securing their core corporate systems and not fully protecting their supply chain, subsidiaries and affiliates. That’s why it’s critical for companies to have a holistic plan to cover their entire ecosystems,” said Robert Boyce, who leads Accenture’s Cyber Investigations, Forensics & Response business globally.

“Industries that previously experienced lower levels of cyberattacks during the pandemic ― such as consumer good & services, industrials, travel & hospitality, and retail ― should reevaluate their cybersecurity posture as increased consumer activity in these industries present renewed opportunities for cybercriminals.”

Additional key findings

The findings also detail malware categories by volume, top ransomware variants observed, and industries targeted most often by ransomware in the first half of 2021.

• The largest malware category observed by volume was ransomware at 38%, followed by backdoors at 33%.
• The top ransomware variant observed was REvil / Sodinokibi, accounting for 25% of ransomware.
• The industry targeted most often by ransomware operators was insurance, accounting for 23% of ransomware attacks, followed by consumer goods & services (17%) and telecommunications (16%).
• Companies with annual revenues between $1 billion and $9.9 billion accounted for more than half (54%) of ransomware and extortion victims, followed by companies with annual revenues between $10 billion and $20 billion (20%).