IBM Security has released the 2021 X-Force Threat Intelligence Index, which shows how perpetrators of cyber attacks sought to benefit from the unprecedented socio-economic, business and political challenges that COVID-19 brought in 2020. IBM Security X-Force observed that in 2020, cybercriminals primarily targeted businesses involved in the fight against the coronavirus, such as hospitals, pharmaceutical manufacturers, and energy companies in the supply chain.
According to the new report, cyber attacks on health, manufacturing and energy companies have doubled since last year: attackers targeted organizations that could not afford downtime because of the risk of disrupting health efforts or critical supply chains. The most attacked industries in 2020 were manufacturing and energy, followed by the financial and insurance sectors. Criminals have also taken advantage of a nearly 50% increase in vulnerabilities in industrial control systems (ICS), which are vital in both manufacturing and energy.
The X-Force Threat Intelligence Index bases its observations on the investigation of more than 150 billion security incidents per day in more than 130 countries. In addition, data is collected and analyzed from several sources within IBM, including IBM X-Force (IBM’s cyber attack detection and incident management organization), X-Force Red (IBM’s ethical hacking organization), IBM’s managed cyber security service, and data provided by Quad9 and Intezer, all of which contributed to the 2021 report.
Some important findings of the report are as follows:
- Cybercriminals are accelerating the spread of Linux malware: according to Intezer, the amount of Linux-related malware increased by 40% in the past year and by 500% in the first six months of 2020. The number of malicious programs written in the Go (Golang) programming language has increased. Attackers are accelerating the transition to Linux malware, which is easier to run on various platforms, including cloud environments.
- The pandemic defines the most counterfeited brands – The top 10 list of the most commonly counterfeited brands is led by companies that offer solutions for distance working and telecommuting, such as Google, Dropbox and Microsoft, among others. Also at the top of the list are the online retail brands Amazon and PayPal, as well as YouTube and Facebook, which people relied on for news consumption last year. Surprisingly, the seventh most counterfeited brand in 2020 was Adidas, probably due to demand for the sneakers called Yeezy and Superstar.
- Ransomware attacks are a lucrative business model – Ransomware was behind almost every fourth attack to which X-Force responded in 2020. Attacks are evolving aggressively and use double extortion tactics. X-Force estimates that, using this model, Sodinokibi, the most frequently observed ransomware group in 2020, had a very lucrative year. By a conservative estimate, X-Force puts the group's earnings at more than $123 million last year, with about two-thirds of its victims paying a ransom.
Investment in open source malware endangers cloud environments
During the COVID-19 epidemic, many businesses tried to accelerate their transition to the cloud. “According to a recent Gartner survey, nearly 70% of organizations using cloud services today plan to increase their cloud-based spending in the wake of the disruption caused by COVID-19.” Because Linux currently handles 90% of workloads in the cloud, and X-Force estimates that the number of malware families associated with Linux has increased by 500% over the past decade, cloud environments could become the number one attack vector for attackers.
Due to the growth of open source malware, IBM believes that cybercriminals have more opportunities to improve their profitability: they can reduce costs, increase efficiency and seek opportunities for more profitable attacks. The report highlights various criminal groups, such as APT28, APT29 and Carbanak, that are turning to open source malware, indicating that this trend will be the engine of further cloud-based attacks in the coming year.
The report also highlights that attackers are taking advantage of the dynamically scalable computing power of cloud infrastructure, passing its hefty usage fees on to the organizations they victimize. This is indicated by the fact that Intezer discovered more than 13% previously undetected code in Linux-based cryptomining malware in 2020.
Because attackers’ attention is focused on cloud environments, X-Force recommends that organizations consider a zero-trust approach in their security strategy. Businesses need to make confidential computing a central part of their security infrastructure to protect their most sensitive data. By encrypting the data in use, organizations can reduce the risk of a malicious attack, even if the attackers have access to sensitive environments.
Cybercriminals disguised as popular consumer brands
The 2021 report highlights that cybercriminals most often disguise themselves as a brand that consumers trust. Considered one of the world’s most influential brands, Adidas appealed to cybercriminals seeking to capitalize on consumer demand: users looking for coveted sneakers were redirected to malicious websites designed to look like legitimate sites. As soon as a user visited these genuine-looking domains, cybercriminals attempted online payment fraud, data theft, harvesting of personal credentials, or malware installation.
The majority of the reported Adidas counterfeits are connected to Yeezy and Superstar sneakers. In 2019, the Yeezy product line alone reportedly brought in $1.3 billion and was one of the most popular sports shoes in the sportswear giant’s offering. Cybercriminals exploited the launch of the next installment of the lucrative product line, scheduled for early 2020, for their own profit.
Ransomware was the most common type of attack in 2020
According to the report, there were more ransomware attacks in 2020 than in 2019, and 60% of the ransomware attacks observed by X-Force were characterized by a double extortion strategy, in which the attackers encrypted and stole the data and threatened to leak it if they did not receive the ransom. 36% of the data breaches identified by X-Force came from ransomware attacks, which may have involved data theft, suggesting that data breaches and ransomware attacks are intertwined.
The most active ransomware group reported in 2020 is Sodinokibi (also known as REvil), which accounted for 22% of all ransomware events observed by X-Force. X-Force estimates that Sodinokibi stole about 21.6 terabytes of data from its victims, and nearly two-thirds of the victims also paid ransoms, with 43% of their data leaked. X-Force estimates the group made more than $123 million last year.
The report found that, like Sodinokibi, the most successful ransomware groups in 2020 focused on data theft and leakage, and that so-called ransomware-as-a-service cartels have been set up, with key aspects of their operation outsourced to cybercriminals who specialize in different types of attacks. In response to these more aggressive ransomware attacks, X-Force recommends that organizations restrict access to sensitive data and protect privileged accounts with privileged access management (PAM) and identity and access management (IAM).
Other important findings of the report are as follows:
- The 2021 report shows that last year the most successful way of attacking victims’ digital environments was to find and exploit vulnerabilities (35%), ahead of phishing (31%) for the first time in years.
- Europe felt the attacks of 2020 – According to the report, 31% of the attacks observed by X-Force affected Europe. This was also where most of the ransomware attacks took place. In addition, more insider threats were detected in Europe than in any other region, and twice as many attacks occurred there as in North America and Asia combined.
Gartner Press Release: Gartner Forecasts Worldwide Public Cloud End-User Spending to Grow 18% in 2021, November 17, 2020