Paris. 08 June 2022. The public health crisis has created new vulnerabilities due to the increase in remote working, growing use of data networks and the digitalisation of almost every sector of the economy. Between 2020 and 2021 in Europe, this led to an unprecedented 37.7% increase in the number of cyberattacks, according to France’s national information systems security agency (ANSSI).

Developing good “cyber hygiene” practices and a better knowledge and understanding of cyberattacks are the only ways to address this situation and collectively develop an effective response to cyberthreats.

As part of this effort, Thales’s Cyber Threat Intelligence (CTI) unit gathers, analyses, filters and correlates data on each type of attack, the hackers behind them and the techniques, tactics and procedures they use, in order to improve the ability of organisations to detect cyberattacks and fight against them.

The Thales CTI unit has just published the 2022 edition of its Thales Cyberthreat Handbook on the Internet, with details about the extent of these attacks and the ways in which hacker groups are organised.

The 2022 Thales Cyberthreat Handbook was published on the Internet today and is updated on a permanent basis. Over the last five years, experts from Thales’s CTI unit have analysed more than 20,000 attacks in nine geographic areas and 16 sectors of activity. These cyberattacks point to an impressive level of organisation within the hacker community as well as the emergence of new types of advanced persistent threats and new hybrid relationships between the public sector and private operators.

Growing professionalism in the hacker community

To expand their activities and boost profitability, hacker groups have gradually organised and structured their operations along the same lines as small or medium-sized businesses. Their new organisations include R&D departments to improve the effectiveness of cyberattacks and constantly develop innovative techniques and attack profiles, human resources departments to recruit new hacker profiles, and legal departments to negotiate financial arrangements with attack victims.

According to the 2022 Thales Cyberthreat Handbook, the increasing number of organisations that agree to pay a ransom to retrieve their data after an attack suggests that these legal departments play a crucial role in guaranteeing the lucrative nature of malicious cyber activity. In 2021, 32% of the organisations targeted by a cyberattack agreed to pay a ransom to the hackers, compared with 26% in 2020. One hacker group even managed to extort 180 million euros from the victims of a single cyberattack.

In their constant quest for profitability, many hackers conduct cost/benefit analyses to identify the industries and countries that are the most open to digitalisation of their business models. The Thales Cyberthreat Handbook reveals that 72% of the 20,000 attacks analysed targeted the defence sector and public administrations, and 62% targeted the telecommunications sector. North America accounted for 72% of the attacks, and Europe accounted for 66%.

A growing number of “dormant” state-sponsored cyberattacks

The 2022 Thales Cyberthreat Handbook also reports a rise in the number of state-sponsored attacks over the last five years, in particular linked to the growing use of “dormant” malware. In this type of attack, the hackers install a virus on the organisation’s IT system to gain access to the data on its networks and can then conduct long-term espionage operations, which are more dangerous by definition.

Dormant malware can remain undetected on an organisation’s systems for anything from two years to more than a decade. This kind of attack is becoming more prevalent as private enterprises work more closely with government agencies to counter cyberthreats, and as hackers become better organised and more professional. Today, more and more governments outsource their cyber activity and have become increasingly reliant on outside hacker groups.

“This deep dive into hacker profiles and their techniques, tactics and procedures in selected regions and sectors is designed to help organisations prepare for future cyberthreats. This world atlas of cyberthreats is a particularly important resource today in that the vast majority of incidents in regions such as Africa still go unreported. In a continent that now has 601 million users of digital services – almost as many as in Europe – the invisible nature of the risk is very worrisome. And entire regions are yet to be explored. The 2022 Thales Cyberthreat Handbook aims to make as much information available to as many people as possible in order to lay the foundations for a global solution to the issues in hand,” says Ivan Fontarensky, Technical Director, Cyberdefence, Thales.

Thales and Cybersecurity

Thales serves 130 major customers worldwide, including governments, critical national infrastructure providers and public administrations. The Group provides cybersecurity for 19 of the world’s 20 largest banks, nine of the 10 Internet giants, as well as thousands of businesses of all sizes.

The Thales value proposition is based on three major product families:

  • Cybels, a complete platform of cybersecurity services including risk assessment, training and simulation, and cyberattack detection and response
  • Sovereign products including encryptors and sensors to protect critical information systems
  • A digital platform for data protection, cloud security and access control