The UK was the biggest victim of cyberattacks in Europe, with the energy sector featuring heavily in the list of victims, according to research released this week. 

The energy industry (16 percent) was among the primary targets for the second consecutive year, with the most common impact from cyberattacks being extortion (57 percent) – more than double the global average - primarily achieved through ransomware or business email compromise attacks.

Globally, despite improved threat detection, the average time to complete a ransomware attack dropped last year from two months to less than four days.

The UK was the top-attacked country in Europe, accounting for 43% of the attacks X-Force observed, followed by Germany (14%), Portugal (9%), Italy (8%) and France (7%). 

The research was delivered by IBM Security’s 2023 X Force Threat Intelligence Index and Laurance Dine, Global Lead, IBM Security X-Force Incident Response said: “Extortion is a battle-tested technique that has grown even more pervasive than ransomware. It’s not only piling financial pressure on key UK sectors at a challenging time, but in many cases the burden is passed on to consumers in the form of price rises, exacerbating the cost of goods and utilities.

"Ultimately, attackers are always innovating and cyber-security strategies should be just as flexible and adaptable.” 

With rising energy bills a key factor in the squeeze on UK consumer finances, the report highlights the threat of further pressure on an already vulnerable energy sector and the potential for data breach costs to trickle down to consumers through price rises.

As many UK businesses strive to carefully manage costs, there is heightened risk of cybersecurity investment falling and vulnerabilities proliferating.

“Ultimately, there is no single, out-of-the box solution to protecting businesses today. Attackers are always innovating, and cyber strategies should be just as flexible and adaptable,” continued Dine.

The most common impact from cyberattacks in 2022 was extortion, which was primarily achieved through ransomware or business email compromise attacks.

With threat actors often seeking to exploit geopolitical tensions, the report found that Europe was the most targeted region for extortion in 2022.

More than half of the cases X-Force observed in the UK involved extortion (57%) – twice the global average - followed by data theft (29%). 

Backdoor deployments - malware that provides remote access - were the most common attacker action observed in the UK in 2022, comprising 18% of cases.

Gaining backdoor access often precedes ransomware attacks, distributed denial of service (DDoS) attacks, and deployment of remote access tools, which were each involved in 14% of UK incidents. 

Cybercriminals are overwhelmingly exploiting IT vulnerabilities in UK organisations to gain initial access.

Last year, 50% of UK incidents — nearly twice the global average — were caused by the exploitation of vulnerabilities, highlighting the need for stronger vulnerability management programs, including better understanding of attack surfaces and risk-based prioritisation of patches.

Julian David, CEO, techUK said: At a time of real economic uncertainty, this important report makes it clear that cyberattacks result in significant costs for organisations and citizens across the UK.

"The surge in extortion-based attacks is a real concern and it is critical that all UK organisations implement a flexible cyber strategy that encompasses people, process and technology.

"No out-of-the-box solution guards against these ever-changing and pervasive threats.”

The IBM Security X-Force Threat Intelligence Index tracks new and existing trends and attack patterns – pulling from billions of datapoints from network and endpoint devices, incident response engagements and other sources.

Globally, the 2023 IBM Security X Force Threat Intelligence Index also found:

  • Backdoor ‘profit equation’: A global uptick in backdoor deployments can be partially attributed to their high market value. Globally, X-Force observed threat actors selling existing backdoor access for as much as $10,000 – compare this to stolen credit card data, which sells for less than $10 per card today. This financial incentive has helped spur innovation from attackers.
  • Cybercriminals Weaponise Email Conversations. Thread hijacking saw a significant rise in 2022, with attackers using compromised email accounts to reply within ongoing conversations posing as the original participant. X-Force observed the rate of monthly attempts increase by 100% compared to 2021 data.
  • Legacy Exploits Still Doing the Job. The proportion of known exploits relative to vulnerabilities declined 10 percentage points from 2018 to 2022, due to the number of vulnerabilities hitting another record high in 2022. The findings indicate that legacy exploits enabled older malware infections such as WannaCry and Conficker to continue to exist and spread.