IBM X-Force: Ransomware Was the Preferred Attack Method in 2020

[ This article was originally published here ]

Reading X-Force ReportIn 2020, ransomware was the most widely-used method of delivering cyber attacks, accounting for 23% of security events handled by the IBM Security X-Force. One attack alone scored profits of more than $123 million for the perpetrators, according to an IBM report.

A distant second to ransomware, the report says, was data theft (13%), followed by server access (10%). All three types of attack increased in comparison to 2019 numbers: +3% for ransomware, +8% for data theft, and +7% for server access.

Meanwhile, scan-and-exploit attacks emerged as the top initial attack vector, and were used in 35% of attacks, up from 30% in 2019. Scan-and-exploit threats knocked phishing from the top spot, which accounted for 33% of attacks, up 31% from the previous year. The third most common initial attack vector was credential theft – 18% of attacks vs. 29% in 2019.

The IBM report, X-Force Threat Intelligence Index 2021, used billions of data points garnered from IBM customers and public sources throughout 2020. IBM calls the index “an annual check-in on the threat landscape and how it’s changing,” as part of the company’s efforts to assess the threat landscape and help companies manage threats and prioritize their cybersecurity efforts.

Double Extortion

“Ransomware is undeniably the top attack type,” according to the report. Perpetrators carried out attacks “by gaining access to victim environments via remote desktop protocol, credential theft, or phishing—attack vectors that have been similarly exploited to install ransomware in prior years.”

The most successful ransomware groups tracked by the X-Force in 2020 focused their energies on “creating ransomware-as-a-service (RaaS) cartels and outsourcing key aspects of their operations to cybercriminals that specialize in different aspects of an attack.”

A troubling trend spotted by the X-Force involved the use of a double-extortion strategy in 59% of cases. Knowing that organizations can refuse to pay ransom and recover data from backups, threat actors in some cases threatened to leak sensitive data if the victims refused to pay ransom. “Certain ransomware providers even held auctions on the dark web to sell their victims’ stolen sensitive information,” the report says.

Manufacturing Targets

Interest in manufacturing targets by threat actors grew in 2020, with the sector becoming the second most targeted industry in 2020, up from eighth in 2019. Finance and insurance were at the top. Sophisticated spear phishing attacks against manufacturers, as well as NGOs involved in the COVID-19 vaccine supply chain, were common.

“Manufacturing bore the brunt of data theft attacks in 2020, experiencing 33% of all data theft incidents,” the report says. The energy sector ranked second, accounting for 21% of data theft incidents.

Reason for Hope

Despite the trends detected by the X-Force, the report struck an optimistic tone: “There is reason to hope that 2021 will shape up to be a better year. Resilience in the face of rising and falling challenges in cybersecurity requires actionable intelligence and a strategic vision for the future of a more open, connected security.”

To help organizations achieve resilience and strengthen their cybersecurity teams, (ISC)2 has released “The Enterprise Guide to Establishing a Cybersecurity Program”, which you can download here.