Which industries are most targeted by cybercriminals?
Which sectors are most often targeted by cybercriminals across the Asia Pacific – and which companies have fallen victim to their attacks?
Quick take
- Cyberattacks are on the rise in the Asia Pacific, where cybercriminals are becoming increasingly sophisticated, targeting supply chains and employee behaviour.
- Manufacturing, finance, transport, education and health are among the most heavily targeted sectors in the region
- Regular employee training with stress testing, strong password behaviour and managing third-party exposures are some of the ways to defend a company against an attack.
Cyberattacks are becoming more frequent and sophisticated across the world.
In the Asia-Pacific region, the number of cyberattacks increased by 15% in the first nine months of 2023. Hackers are targeting sectors that lack adequate defences and that they feel will be most compelled to pay a ransom.
For the second year in a row, manufacturing was the most attacked industry in the Asia Pacific, weathering almost 50% of incidents, IBM reported in its 2024 X-Force Threat Intelligence Index. The finance and insurance, and transportation industries came in second (12% each), followed by education (8%).
Meanwhile, other reports have found health care to be one of the most targeted sectors for cybersecurity breaches in Australia.
So, what is it about these industries that criminals find so appealing?
1. Manufacturing
The most attacked sector is home to valuable intellectual property data and weak cyber defences; it also has a low tolerance for downtime. Combined, these factors make organisations more likely to pay a ransom.
Globally, 45% of manufacturing attacks employed malware in 2023, the IBM report found, while ransomware accounted for 17% of incidents. Cybercriminals accessed sensitive information mainly by phishing (39%) and exploiting public-facing apps (33%), with others targeting external services such as virtual private networks (VPN) and remote desktop connection software (22%).
Growing reliance on third-party technology solutions is one of the key reasons organisations are falling victim to more attacks. Verizon’s 2024 Data Breach Investigations Report found 15% of breaches in the reporting period involved a third party or supplier, such as software supply chains, hosting partner infrastructures or data custodians.
In December 2023, car manufacturer Nissan experienced a supply-chain breach that gave attackers access to data on 100,000 Australian and New Zealand customers.
The following April, the external supplier contracted by the company to manage its cyber incident call centre, OracleCMS, was impacted by its own data breach that affected several of its clients, including Nissan. Up to 4000 Australian Medicare cards, 7500 driver’s licences, 220 passports and 1300 tax file numbers were accessed. Nissan offered free credit monitoring and reimbursement for ID replacement costs to the affected customers in response. No mention of a ransom demand or response was made public.
2. Finance and insurance
An obvious target, the finance sector attracts cybercriminals with the promise of personal information, credit card details and transaction records that they can use for fraudulent behaviour and sell on the dark web.
Globally, 38% of finance and insurance incidents involved malware, with ransomware accounting for 25% of cases, IBM said in its report, with most hackers using phishing or stealing login credentials to access servers.
In a cyberattack against Latitude Financial in March 2023, hackers acquired an employee’s login details via infrastructure supplier DXC Technology. A routine security scan spotted irregular behaviour in a matter of days, but information as far back as 2005 was stolen, including 7.9 million licences and 53,000 passports belonging to Australian and New Zealand customers.
Latitude was able to pull the plug on DXC before hackers crippled its systems with ransomware, the Australian Financial Review reported. Still, Latitude’s 1H23 results revealed a statutory loss after tax of A$98.2 million, including A$76 million of pre-tax costs and provisions relating to the cyber incident, and the company is facing a class action lawsuit from some affected customers.
3. Transportation
In 2023, the Asia-Pacific transport sector experienced more attacks than anywhere else in the world. Cybercriminals’ aim? To cripple networks with huge public fallout and gain access to millions of people’s data – and subsequently a hefty ransom payment.
Hackers homed in on public-facing applications and used phishing and legally available tools to breach them and cause havoc.
Auckland Transport was a victim in September 2023 when its transport card network was hijacked. Hackers accessed the AT HOP card transaction database, but no personal or financial data resided there thanks to the organisation’s segregated databases and its limiting of data kept on servers, reported RNZ.
Still, opportunistic hackers demanded a US$1 million ransom, which Auckland Transport refused to pay. Weeks later the attackers froze the organisation’s website with an ‘army of bots’.
4. Education
The loot on offer in the education sector is the vast amount of student data institutions hold, along with valuable research information. Either could demand a steep price.
Malware and phishing were the most common attack methods, according to IBM, but employee errors were not far behind, indicating a broader lack of cybersecurity awareness across the sector.
One staff member at The Australian National University (ANU) clicked on a phishing email in 2018, giving hackers access to ANU systems for months, without detection.
Highly sensitive information on students and staff, including past staff, was stolen. Hackers meticulously covered their tracks and launched a second round of emails from the staff member’s email account. ANU spent millions of dollars after the attack upgrading its network security, with the attack serving as a stern warning to education institutions.
5. Health care
While health care was not one of the five most commonly targeted sectors in the IBM report, it ranked fifth in the Australian Signals Directorate’s list of the top reporting sectors in 2022–2023 and is worth mentioning.
The treasure chest for cyber pirates comprises sensitive systems and services that are critical to the preservation of human life, increasing the likelihood of a ransom payment.
Not far from people’s memories will be the 2022 attack on Australian health insurance provider Medibank. Again, hackers secured login details for an employee through a third-party IT service provider.
Medibank only learned of the breach when REvil, a ransomware group, posted a sample of the stolen data on the dark web and threatened to release data from nearly 10 million customers unless a US$10 million ransom was paid. Medibank refused to pay, and the remaining data was published. The Office of the Australian Information Commissioner is currently pursuing civil penalties against Medibank in court.
Nine ways to prevent a cyberattack
1. Train employees with regular, bite-sized training modules with stress tests and real-life applications.
2. Enforce strong password behaviour, including multi-factor authentication.
3. Manage third-party activities by performing cyber-risk assessments regularly.
4. Employ threat intelligence software to detect bad behaviour.
5. Regularly assess and test cybersecurity defences.
6. To reduce the blast radius, delete historical data regularly.
7. Implement and research a cyber-incident response plan that involves everyone.
8. If using AI, put cybersecurity guardrails and governance around it.
9. Monitor your dark web exposure regularly.
Sources: Ekran, IBM
Subscribe to the Acuity newsletter
Acuity produces a free weekly newsletter packed with the best new content published on the Acuity website. Register to receive the Acuity newsletter.
Register now.