IBM Security Report: Attacks on Industries Supporting COVID-19 Response Efforts Double
CAMBRIDGE, Mass., Feb. 24, 2021 /CNW/ -- IBM (NYSE: IBM) Security today released the 2021 X-Force Threat Intelligence Index highlighting how cyberattacks evolved in 2020 as threat actors sought to profit from the unprecedented socioeconomic, business and political challenges brought on by the COVID-19 pandemic. In 2020, IBM Security X-Force observed attackers pivoting their attacks to businesses for which global COVID-19 response efforts heavily relied, such as hospitals, medical and pharmaceutical manufacturers, as well as energy companies powering the COVID-19 supply chain.
According to the new report, cyberattacks on healthcare, manufacturing, and energy doubled from the year prior, with threat actors targeting organizations that could not afford downtime due to risks of disrupting medical efforts or critical supply chains. In fact, manufacturing and energy were the most attacked industries in 2020, second only to the finance and insurance sector. Contributing to this was attackers taking advantage of the nearly 50% increase in vulnerabilities in industrial control systems (ICS), which manufacturing and energy both strongly depend on.
"In essence, the pandemic reshaped what is considered critical infrastructure today, and attackers took note. Many organizations were pushed to the front lines of response efforts for the first time – whether to support COVID-19 research, uphold vaccine and food supply chains, or produce personal protective equipment," said Nick Rossmann, Global Threat Intelligence Lead, IBM Security X-Force. "Attackers' victimology shifted as the COVID-19 timeline of events unfolded, indicating yet again, the adaptability, resourcefulness and persistence of cyber adversaries."
The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries. In addition, data is gathered and analyzed from multiple sources within IBM, including IBM Security X-Force Threat Intelligence and Incident Response, X-Force Red, IBM Managed Security Services, and data provided by Quad9 and Intezer, both of which contributed to the 2021 report.
Some of the report's key highlights include:
Investment in Open-Source Malware Threatens Cloud Environments
With the rise in open-source malware, IBM assesses that attackers may be looking for ways to improve their profit margins – possibly reducing costs, increasing effectiveness and creating opportunities to scale more profitable attacks. The report highlights various threat groups such as APT28, APT29 and Carbanak turning to open-source malware, indicating that this trend will be an accelerator for more cloud attacks in the coming year.
The report also suggests that attackers are exploiting the expandable processing power that cloud environments provide, passing along heavy cloud usage charges on victim organizations, as Intezer observed more than 13% new, previously unobserved code in Linux cryptomining malware in 2020.
With attackers' sights set on clouds, X-Force recommends that organizations should consider a zero-trust approach to their security strategy. Businesses should also make confidential computing a core component of their security infrastructure to help protect their most sensitive data – by encrypting data in use, organizations can help reduce the risk of exploitability from a malicious actor, even if they're able to access their sensitive environments.
Cybercriminals Disguised as Celebrity Brand
The report indicates that the majority of Adidas spoofing is associated with the Yeezy and Superstar sneaker lines. The Yeezy line alone reportedly pulled in $1.3 billion in 2019 and was one of the top selling sneakers for the sportswear manufacturing giant. It's likely that, with the hype for the next sneaker release in early 2020, attackers leveraged the demand of the money-making brand to make their own profit.
Ransomware Dominates 2020 as Most Common Attack
The most active ransomware group reported in 2020 was Sodinokibi (also known as REvil), accounting for 22% of all ransomware incidents that X-Force observed. X-Force estimates that Sodinokibi stole approximately 21.6 terabytes of data from its victims, that nearly two-thirds of Sodinokibi victims paid ransom, and approximately 43% had their data leaked – which X-Force estimates resulted in the group making over $123 million in the past year.
Like Sodinokibi, the report found that the most successful ransomware groups in 2020 were focused on also stealing and leaking data, as well as creating ransomware-as-a-service cartels and outsourcing key aspects of their operations to cybercriminals that specialize in different aspects of an attack. In response to these more aggressive ransomware attacks, X-Force recommends that organizations limit access to sensitive data and protect highly privileged accounts with privileged access management (PAM) and identity and access management (IAM).
Additional key findings in the report include:
The report features data IBM collected in 2020 to deliver insightful information about the global threat landscape and inform security professionals about the threats most relevant to their organizations. To download a copy of the X-Force Threat Intelligence Index 2021, please visit: https://www.ibm.biz/threatindex2021
About IBM Security
View original content to download multimedia:http://www.prnewswire.com/news-releases/ibm-security-report-attacks-on-industries-supporting-covid-19-response-efforts-double-301234051.html
Conference Sessions with Lunch
Digital Transformation Post COVID-19: Raising the Bar on Customer Engagement