The rise in upstream attacks has cybercriminals increasingly setting their sights on technology companies, according to the team at Cisco Talos, which says that in the last quarter its Incident Response team logged a shocking 30% year-on-year increase in attacks targeted at technology developers and service providers.
The increase in attack volume pushes the technology sector to the top of the list of the most targeted industries for the quarter. Tech accounted for nearly a quarter of all observed attacks and was ahead of the likes of retail, healthcare and pharmaceuticals as the most popular target for criminal hackers.
It is believed that by and large, the increase in attacks on tech is directly related to the recent outbreak of upstream attacks, such as the June attack at IT services provider Snowflake and the resulting breaches that occurred as the attackers used their access to target customer accounts.
The belief is that cybercriminals now see these upstream attacks as a far more efficient way of gaining access to large enterprises. Rather than targeting companies individually, attackers who breach a technology provider can gain access to multiple companies across various industries.
“Organizations in the technology sector may be seen as gateways into other industries and organizations given their significant role in supplying and servicing a wide range of sectors, making them attractive targets for adversaries,” the Cisco Talos team explained.
Upstream attacks, however, were not the sole reason attackers see tech firms as attractive targets. Technology providers are also more likely to be scared into making a quick ransom payout.
“Technology organizations often have extensive digital assets supporting critical infrastructure,” the researchers noted, “which means they have minimal tolerance for downtime and may, therefore, be more likely to pay extortion demands.”
As for the attacks themselves, the Cisco Talos crew noted that network devices are becoming a more popular target for attackers looking to establish a foothold for lateral attacks.
In addition to scattershot techniques such as password spraying, the attackers are going after years-old vulnerabilities, hoping that many of their targets have overlooked network hardware as a patching priority.
“Network devices should be regularly patched and actively monitored because they provide a critical path for data entering and leaving the network,” the researchers advised.
“If compromised, an adversary could immediately pivot into an organization, divert or change network traffic, and monitor network communications.”