The triple-digit increase (125%) was driven primarily by web shell activity ― i.e., the use of small pieces of malicious code to gain remote access and control ― targeted ransomware and extortion operations, and supply chain intrusions.
Three countries accounted for more than 70% of the incident volume observed by the CIFR team. The U.S. was the most targeted country, accounting for 36% of incident volume, followed by the U.K. (24%) and Australia (11%).
From an industry perspective, consumer goods & services was targeted the most often, accounting for 21% of cyberattacks, followed by the industrial/manufacturing, banking, and travel & hospitality industries, at 16%, 10% and 9%, respectively.
“Many organizations today are only securing their core corporate systems and not fully protecting their supply chain, subsidiaries and affiliates.That’s why it’s critical for companies to have a holistic plan to cover their entire ecosystems,” said Robert Boyce, who leads Accenture’s Cyber Investigations, Forensics & Response business globally. “Industries that previously experienced lower levels of cyberattacks during the pandemic ― such as consumer good & services, industrials, travel & hospitality, and retail ― should reevaluate their cybersecurity posture as increased consumer activity in these industries present renewed opportunities for cybercriminals.”
The findings also detail malware categories by volume, top ransomware variants observed, and industries targeted most often by ransomware in the first half of 2021. Among the key findings:
- The largest malware category observed by volume was ransomware at 38%, followed by backdoors at 33%.
- The top ransomware variant observed was REvil / Sodinokibi, accounting for 25% of ransomware.
- The industry targeted most often by ransomware operators was insurance, accounting for 23% of ransomware attacks, followed by consumer goods & services (17%) and telecommunications (16%).
- Companies with annual revenues between US$1 billion and US$9.9 billion accounted for more than half (54%) of ransomware and extortion victims, followed by companies with annual revenues between US$10 billion and US$20 billion (20%).
About the CIFR Data
Accenture’s Cyber Investigations, Forensics & Response (CIFR) mid-year update is based on data collected from CIFR incident response engagements between January and June 2021. In addition, all intrusion data and analysis are based on Accenture’s distinct collection sources and could be subject to field-of-view limitations, such as Accenture’s client’s size, industry sectors, and geographies served.