Asia saw more cyberattacks than any other region in the past year, experiencing over 1 in 4 attacks in 2021. Financial services and manufacturing organisations together experienced nearly 60 percent of attacks in Asia.
IBM Security released its annual X-Force Threat Intelligence Index in February 2022 unveiling how ransomware and vulnerability exploitations together were able to “imprison” businesses in 2021 further burdening global supply chains, with manufacturing emerging as the most targeted industry. While phishing was the most common cause of cyberattacks in general in the past year, IBM Security X-Force observed a 33 percent increase in attacks caused by vulnerability exploitation of unpatched software, a point of entry that ransomware actors relied on more than any other to carry out their attacks in 2021, representing the cause of 44 percent of ransomware attacks.
The 2022 report details how in 2021 ransomware actors attempted to “fracture” the backbone of global supply chains with attacks on manufacturing, which became 2021’s most attacked industry (23 percent), dethroning financial services and insurance after a long reign. Experiencing more ransomware attacks than any other industry, attackers wagered on the ripple effect that disruption on manufacturing organisations would cause their downstream supply chains to pressure them into paying the ransom. An alarming 47percent of attacks on manufacturing were caused due to vulnerabilities that victim organisations had not yet or could not patch, highlighting the need for organisations to prioritise vulnerability management.
The 2022 IBM Security X-Force Threat Intelligence Index maps new trends and attack patterns IBM Security observed and analysed from its data – drawing from billions of datapoints ranging from network and endpoint detection devices, incident response engagements, phishing kit tracking and more – including data provided by Intezer.
“Cybercriminals usually chase the money. Now with ransomware they are chasing leverage,” said Charles Henderson, Head of IBM X-Force. “Businesses should recognise that vulnerabilities are holding them in a deadlock – as ransomware actors use that to their advantage. This is a non-binary challenge. The attack surface is only growing larger, so instead of operating under the assumption that every vulnerability in their environment has been patched, businesses should operate under an assumption of compromise, and enhance their vulnerability management with a zero trust strategy.”
The “Nine Lives” Of Ransomware Groups
Responding to the recent acceleration of ransomware takedowns by law enforcement, ransomware groups may be activating their own disaster recovery plans. X-Force’s analysis reveals that the average lifespan of a ransomware group before shutting down or rebranding is 17 months. For example, REvil which was responsible for 37 percent of all ransomware attacks in 2021, persisted for four years through rebrands, suggesting the likelihood it resurfaces again despite its takedown by a multi-government operation in mid 2021.
Vulnerabilities Become An Existential Crisis For Some
The X-Force report highlights the record high number of vulnerabilities disclosed in 2021, with vulnerabilities in Industrial Control Systems rising by 50 percent year-over-year. Although more than 146,000 vulnerabilities have been disclosed in the past decade, it’s only been in recent years that organisations accelerated their digital journey, largely driven by the pandemic, suggesting that the vulnerability management challenge has yet to reach its peak.
At the same time, vulnerability exploitation as an attack method is growing more popular. X-Force observed a 33 percent increase since the previous year, with the two most exploited vulnerabilities observed in 2021 found in widely used enterprise applications (Microsoft Exchange, Apache Log4J Library). Enterprises’ challenge to manage vulnerabilities may continue to exacerbate as digital infrastructures expand and businesses can grow overwhelmed with audit and upkeep requirements, highlighting the importance of operating on the assumption of compromise and applying a zero trust strategy to help protect their architecture.
Attackers Target Common Grounds Amongst Clouds
In 2021, X-Force observed more attackers shifting their targeting to containers like Docker – by far the most dominant container runtime engine according to RedHat. Attackers recognise that containers are common grounds amongst organisations so they are doubling down on ways to maximise their ROI with malware that can cross platforms and can be used as a jumping off point to other components of their victims’ infrastructure.
The 2022 report also sounds caution on threat actors’ continued investment into unique, previously unobserved, Linux malware, with data provided by Intezer revealing a 146 percent increase in Linux ransomware that has new code. As attackers remain steady in their pursuit of ways to scale operations through cloud environments, businesses must focus on extending visibility into their hybrid infrastructure. Hybrid cloud environments that are built on interoperability and open standards can help organisations detect blind spots and accelerate and automate security responses.
Featured photo by Sora Shimazaki from Pexels.
CLICK HERE FOR LATEST NEWS.
READ CURRENT AND PAST ISSUES OF IAA.
KEEP YOURSELF UPDATED, SUBSCRIBE TO IAA NOW!