Cyberattacks are becoming increasingly sophisticated as threat actors continually evolve their tools and tactics.
They leverage advanced technologies, use social engineering techniques, and collaborate in sophisticated cybercrime networks.
The real estate and utilities industries have seen a notable increase in intrusions over the past three months, according to a recent report shared with CYFIRMA’s Cyber Security News (CSN) team.
The last 90 days in numbers
Real estate and utilities appeared in 13 of the 59 campaigns observed, representing 22% of the total, lower than the industries most attractive to nation-state threat actors.
Chinese cyber activity also increased with the use of the Barracuda ESG vulnerability. Since then, however, no new real estate or public services victims have been observed in these campaigns.
Below we mention all the threat actors involved:
Real estate and public services attract both financially motivated actors and state actors. Europe, potentially a target of Russian-linked threats amid the Ukraine conflict, is experiencing the most attack activity.
Cyberattacks primarily target web applications and operating systems across all sectors, with cases of VPNs and application infrastructure being compromised.
This report excludes Internet service providers from the analysis and focuses on water and energy utilities. Phishing lures targeting utility companies are highly localized, deterring threat actors looking for broader targets.
CYFIRMA telemetry detected only 42 phishing attacks targeting utilities and none related to real estate in the past 3 months, with a primary focus on broader phishing campaigns.
Below we mention all the impersonated brands from the real estate and public services industry:
- PKN Orlen
- Swiss Energy Office
- ENEL Energy SPA
- Polska Grupa Energetyczna
ASN telemetry showed that the PKN Orlen phishing was linked to a US ASN, the Swiss Energy Office phishing to a Swiss ASN, and the phishing for Italy’s Enel Energia and Polska Grupa Energetyczna to a German ASN, indicating an international campaign in the case of PKN Orlen, in contrast to local cybercriminals.
CYFIRMA found 117 ransomware victims in the real estate and utilities sector in the last 90 days, 7.4% of 1,579 incidents, with a sharp increase in August.
Lockbit3’s August surge leads, driven by Cl0p (+Torrents), while 8base, ALPHV and Akira maintain stable numbers. The five main gangs account for 59% of the victims, but smaller groups continue to cause significant damage.
Of 45 active gangs, 29 targeted real estate and utilities, and Cl0p showed minimal interest in this sector.
The United States leads with 65 of 112 victims, highlighting global ransomware threats that know no borders, as cyber attackers target vulnerable organizations around the world.
Nation-state APTs show limited interest in real estate and utilities, focusing primarily on energy, especially in Europe amid the conflict between Ukraine and Russia.
Real estate and utilities lack appeal for widespread phishing due to localized fragmentation. Lockbit3 is the main gang, while Cl0p has fewer victims in this industry. The most affected sectors are real estate developers and construction companies.