Cyber Threat Landscape Report Highlights Risks in Construction Sector
/ 3 min read
Quick take - The latest threat landscape report reveals that the construction sector is increasingly vulnerable to cyber threats, particularly phishing attacks, with significant concerns over credential exposure and ransomware, highlighting the need for enhanced cybersecurity measures and strategies.
Fast Facts
- Phishing attacks are the primary method of cyber intrusions in the construction sector, with spearphishing being particularly effective.
- Credential exposure incidents have surged by 83%, making up 75% of GreyMatter Digital Risk Protection alerts, highlighting significant vulnerabilities.
- Ransomware threats have increased, with a 41% rise in organizations appearing on data-leak sites, driven by financially motivated groups like “Play.”
- The mean time to contain threats is significantly reduced from five hours to five minutes when utilizing AI and automation.
- The report emphasizes the need for robust cybersecurity measures, including data loss prevention software and comprehensive risk protection strategies for third-party contractors.
Evolving Cyber Threats in the Construction Sector
The latest threat landscape report has shed light on the evolving cyber threats faced by the construction sector, providing critical insights into the industry’s vulnerabilities and attack vectors.
Phishing Attacks and Vulnerabilities
The report highlights that phishing attacks are the leading initial access method for cyber intrusions within the sector from October 1, 2023, to September 30, 2024. The construction industry’s heavy reliance on third-party contractors, combined with high-pressure project timelines, increases its susceptibility to these attacks. Spearphishing has emerged as a particularly favored technique due to its simplicity and effectiveness.
The report identifies several MITRE ATT&CK techniques prevalent in the construction sector, along with their associated incident percentages:
- T1566.002: Phishing: Spearphishing Link - 19% of incidents
- T1534: Internal Spearphishing - 16% of incidents
- T1566.01: Phishing: Spearphishing Attachment - 7% of incidents
- T1078.004: Cloud Accounts - 6% of incidents
- T1133: External Remote Services - 6% of incidents
The mean time to contain a threat (MTTC) without AI and automation is approximately five hours, while organizations that leverage AI and automation can reduce MTTC to around five minutes.
Credential Exposure and Ransomware Threats
Credential exposure incidents are a significant concern, constituting 75% of all GreyMatter Digital Risk Protection (DRP) alerts within the sector. This reflects an alarming 83% increase from the previous year. The presence of exposed credentials on the dark web further amplifies risks, as threat actors can exploit these credentials for initial network access.
Ransomware poses a substantial threat to the construction industry, with a reported 41% increase in organizations appearing on data-leak sites over the past year. The sector’s vast stores of sensitive data make it an attractive target for such attacks. Contributing factors to the increased vulnerability include inadequate government regulations and underinvestment in cybersecurity measures. The financially motivated ransomware group known as “Play” has been particularly active in targeting construction firms, employing double extortion tactics that pressure organizations to pay ransoms under the threat of data leaks.
Mitigation Strategies and Future Trends
To mitigate ransomware threats, the report advises organizations to implement data loss prevention (DLP) software. Anticipated trends indicate a rise in phishing attacks, exacerbated by a reliance on third parties and contractors who may lack adequate security training. The increasing adoption of cloud services within the sector is also likely to lead to more cloud exploitation attacks. Additionally, the report predicts a rise in infostealer attacks, where user credentials are compromised and sold on dark-web forums.
The construction sector’s vulnerability to cyber threats underscores the necessity for robust security measures. Comprehensive digital risk protection strategies should extend to third parties and contractors associated with construction organizations. The full report contains detailed case studies and practical mitigation strategies aimed at bolstering the sector’s cybersecurity posture in the face of these growing threats.
Original Source: Read the Full Article Here
