IBM Security Report: Attacks on Industries Supporting COVID-19 Response Efforts Double
Ransomware Group Banks Millions; Cloudy Forecast Amid 40% Rise in Open-Source Malware in 2020; Social Distancing "Must Have" Tools Dominate Top Spoofed Brands
CAMBRIDGE, Massachusetts, Feb. 24, 2021 /PRNewswire/ -- IBM (NYSE: IBM) Security today released the 2021 X-Force Threat Intelligence Index highlighting how cyberattacks evolved in 2020 as threat actors sought to profit from the unprecedented socioeconomic, business and political challenges brought on by the COVID-19 pandemic. In 2020, IBM Security X-Force observed attackers pivoting their attacks to businesses for which global COVID-19 response efforts heavily relied, such as hospitals, medical and pharmaceutical manufacturers, as well as energy companies powering the COVID-19 supply chain.
According to the new report, cyberattacks on healthcare, manufacturing, and energy doubled from the year prior, with threat actors targeting organizations that could not afford downtime due to risks of disrupting medical efforts or critical supply chains. In fact, manufacturing and energy were the most attacked industries in 2020, second only to the finance and insurance sector. Contributing to this was attackers taking advantage of the nearly 50% increase in vulnerabilities in industrial control systems (ICS), which manufacturing and energy both strongly depend on.
"In essence, the pandemic reshaped what is considered critical infrastructure today, and attackers took note. Many organizations were pushed to the front lines of response efforts for the first time â€“ whether to support COVID-19 research, uphold vaccine and food supply chains, or produce personal protective equipment," said Nick Rossmann, Global Threat Intelligence Lead, IBM Security X-Force. "Attackers' victimology shifted as the COVID-19 timeline of events unfolded, indicating yet again, the adaptability, resourcefulness and persistence of cyber adversaries."
The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries. In addition, data is gathered and analyzed from multiple sources within IBM, including IBM Security X-Force Threat Intelligence and Incident Response, X-Force Red, IBM Managed Security Services, and data provided by Quad9 and Intezer, both of which contributed to the 2021 report.
Some of the report's key highlights include:
- Cybercriminals Accelerate Use of Linux Malware â€“ With a 40% increase in Linux-related malware families in the past year, according to Intezer, and a 500% increase in Go-written malware in the first six months of 2020, attackers are accelerating a migration to Linux malware, that can more easily run on various platforms, including cloud environments.
- Pandemic Drives Top Spoofed Brands â€“ Amid a year of social distancing and remote work, brands offering collaboration tools such as Google, Dropbox and Microsoft, or online shopping brands such as Amazon and PayPal, made the top 10 spoofed brands in 2020. YouTube and Facebook, which consumers relied on more for news digestion last year, also topped the list. Surprisingly, making an inaugural debut as the seventh most commonly impersonated brand in 2020 was Adidas, likely driven by demand for the Yeezy and Superstar sneaker lines.
- Ransomware Groups Cash In On Profitable Business Model â€“ Ransomware was the cause of nearly one in four attacks that X-Force responded to in 2020, with attacks aggressively evolving to include double extortion tactics. Using this model, X-Force assesses Sodinokibi â€“ the most commonly observed ransomware group in 2020 â€“ had a very profitable year. X-Force estimates that the group made a conservative estimate of over $123 million in the past year, with approximately two-thirds of its victims paying a ransom, according to the report.
Investment in Open-Source Malware Threatens Cloud Environments
Amid the COVID-19 pandemic, many businesses sought to accelerate their cloud adoption. "In fact, a recent Gartner survey found that almost 70% of organizations using cloud services today plan to increase their cloud spending in the wake of the disruption caused by COVID-19." 1 But with Linux currently powering 90% of cloud workloads and the X-Force report detailing a 500% increase in Linux-related malware families in the past decade, cloud environments can become a prime attack vector for threat actors.
With the rise in open-source malware, IBM assesses that attackers may be looking for ways to improve their profit margins â€“ possibly reducing costs, increasing effectiveness and creating opportunities to scale more profitable attacks. The report highlights various threat groups such as APT28, APT29 and Carbanak turning to open-source malware, indicating that this trend will be an accelerator for more cloud attacks in the coming year.
The report also suggests that attackers are exploiting the expandable processing power that cloud environments provide, passing along heavy cloud usage charges on victim organizations, as Intezer observed more than 13% new, previously unobserved code in Linux cryptomining malware in 2020.
With attackers' sights set on clouds, X-Force recommends that organizations should consider a zero-trust approach to their security strategy. Businesses should also make confidential computing a core component of their security infrastructure to help protect their most sensitive data â€“ by encrypting data in use, organizations can help reduce the risk of exploitability from a malicious actor, even if they're able to access their sensitive environments.
Cybercriminals Disguised as Celebrity Brand
The 2021 report highlights that cybercriminals opted to disguise themselves most often as brands that consumers trust. Considered one of the most influential brands in the world, Adidas appeared attractive to cybercriminals attempting to exploit consumer demand to drive those looking for coveted sneakers to malicious websites designed to look like legitimate sites. Once a user visited these legitimate-looking domains, cybercriminals would either seek to carry out online payment scams, steal users' financial information, harvest user credentials, or infect victims' devices with malware.
The report indicates that the majority of Adidas spoofing is associated with the Yeezy and Superstar sneaker lines. The Yeezy line alone reportedly pulled in $1.3 billion in 2019 and was one of the top selling sneakers for the sportswear manufacturing giant. It's likely that, with the hype for the next sneaker release in early 2020, attackers leveraged the demand of the money-making brand to make their own profit.
Ransomware Dominates 2020 as Most Common Attack
According to the report, in 2020 the world experienced more ransomware attacks compared to 2019, with nearly 60% of ransomware attacks that X-Force responded to using a double extortion strategy whereby attackers encrypted, stole and then threatened to leak data, if the ransom wasn't paid. In fact, in 2020, 36% of the data breaches that X-Force tracked came from ransomware attacks that also involved alleged data theft, suggesting that data breaches and ransomware attacks are beginning to collide.
The most active ransomware group reported in 2020 was Sodinokibi (also known as REvil), accounting for 22% of all ransomware incidents that X-Force observed. X-Force estimates that Sodinokibi stole approximately 21.6 terabytes of data from its victims, that nearly two-thirds of Sodinokibi victims paid ransom, and approximately 43% had their data leaked â€“ which X-Force estimates resulted in the group making over $123 million in the past year.
Like Sodinokibi, the report found that the most successful ransomware groups in 2020 were focused on also stealing and leaking data, as well as creating ransomware-as-a-service cartels and outsourcing key aspects of their operations to cybercriminals that specialize in different aspects of an attack. In response to these more aggressive ransomware attacks, X-Force recommends that organizations limit access to sensitive data and protect highly privileged accounts with privileged access management (PAM) and identity and access management (IAM).
Additional key findings in the report include:
- Vulnerabilities Surpass Phishing as Most Common Infection Vector â€“ The 2021 report reveals that the most successful way victim environments were accessed last year was scanning and exploiting for vulnerabilities (35%), surpassing phishing (31%) for the first time in years.
- Europe Felt the Brunt of 2020 Attacks â€“ Accounting for 31% of attacks X-Force responded to in 2020, per the report, Europe experienced more attacks than any other region, with ransomware rising as the top culprit. In addition, Europe saw more insider threat attacks than any other region, seeing twice as many such attacks as North America and Asia combined.
The report features data IBM collected in 2020 to deliver insightful information about the global threat landscape and inform security professionals about the threats most relevant to their organizations. To download a copy of the X-Force Threat Intelligence Index 2021, please visit: https://www.ibm.biz/threatindex2021
About IBM Security
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM Security X-Force research, enables organizations to effectively manage risk and defend against emerging threats. IBM operates one of the world's broadest security research, development and delivery organizations, monitors 150 billion+ security events per day in more than 130 countries, and has been granted more than 10,000 security patents worldwide. For more information, please check www.ibm.com/security, follow @IBMSecurity on Twitter or visit the IBM Security Intelligence blog.
IBM Security Media Relations
Logo - https://mma.prnewswire.com/media/95470/ibm_logo.jpg
More News by PR Newswire India
Damm and Ball launch world's first Aluminium Stewardship Initiative certified beverage cans
LimaCorporate And HSS Partner To Open First Provider-based Design And 3D Printing Center For Complex Joint Reconstruction Surgery
WhiteHat Jr.'s search for Tech Leaders steered by Purple Quarter
Ampersand Group successfully concludes digital intervention, development across Nashik Anganwadis
Siply Launches Affordable Gold Savings Scheme with High Returns for the Masses
Glenmark Pharmaceuticals receives ANDA approval for Chlorpromazine Hydrochloride Tablets USP, 10 mg, 25 mg, 50 mg, 100 mg, and 200 mg: Granted competitive generic therapy (CGT) designation and is eligible for 180 days of CGT exclusivity
Aavishkaar Group dedicates its Group Impact Report 2020 to 55 Million women leaders in its ecosystem
Feedback plc: International expansion with appointment of two industry specialists in India
LexisNexis Risk Solutions Study Reveals Financial Crime Compliance Costs Across Asia-Pacific Region Increased 20.6% Year Over Year
Eight Manga Artists' Works Exhibited at Kansai Airport Starting March 20
Asia Pacific banks are ready to take advantage of truly digital cores - delivering competitive advantages beyond cost
Citizenship by Investment Funded Real Estate Developments Will Bolster Dominica's Tourism Offering
Adults with obesity treated with semaglutide 2.4 mg achieved and maintained a significant amount of weight loss in a 68-week trial
Cleaner, Clearer Pool and Spa Water
Gastops celebrates 3,500th engine sensor delivery for F-35 Lightning II
Amazfit T-Rex Pro: A Tough Military-grade Smartwatch with Endurance to Match Your Own and up to 18 Days' Battery Life
Rugged Military-Grade Smartwatch is the Ultimate Partner for Challenging Military-Grade Obstacle Course, Amazfit Partners with Spartan
Meitra Hospital Redefines its Brand Identity
Second Star-studded Hank's Home Game Sees Jokes, Jibes and Showdowns in the Name of Charity at PokerStars.net
Goa Introduces Olectra Electric Buses in its fleet
Haier's Healthy Air Conditioners Rank Number One in Three Prestigious Euromonitor International Categories
AeC Lauded by Frost & Sullivan for Employing a Mix of Technology and Human Expertise to further strengthen its position in the Brazilian Customer Experience Outsourcing Market
Pharmactive Earns Acclaim from Frost & Sullivan for Helping People Improve their Cognitive Functions with its Saffron-based Ingredient, AffronÂ®
HPE Lauded by Frost & Sullivan for Lowering the Risk of 5G Deployments
Uptake Recognized by Frost & Sullivan for Its Predictive Modeling Solutions for Medium-to-heavy-duty Vehicles
Brands are Redefining the Customer Experience by Adopting a Digital-first Approach
IIIT Hyderabad Announces M.Tech Program in Product Design and Management
U.S. Polo Assn. to Sponsor the Annual Lexus International Gay Polo Tournament Celebrating the Gay Polo League
Eagle Eye and Neptune Retail Solutions Enable a Better Digital Coupon Experience for Southeastern Grocers' Shoppers
Sinopec Signs Long-term Liquefied Natural Gas Deal of 2 Million Tons per Annum with Qatar Petroleum
Byogy Commissions Sustainable Low Carbon Jet Fuel Plant in Japan Advancing 'Alcohol to Jet' to Zero Carbon
Xinhua Silk Road: Changsha Economic and Technological Development Zone in C. China's Hunan unveils multiple measures to attract talents worldwide
AWE 2021: Haier Smart Home Brings Revolutionary Living Experience Empowered by its Smart Home Solution
New Research Reveals Top Investment Migration Program Options for HNWIs Seeking Health Security
V-Marc India Limited Initial Public Offering of Equity Shares opening on Thursday, March 25, 2021
Digital-First Tylko Raises â‚¬22 Million in Series C as Part of Its Commitment to Set New Standards in the Furniture Industry
Life Cycle Analysis of Corbion's AlgaPrimeâ„˘ DHA Validates Lower Carbon Footprint Compared to Traditional Sources of Fish Oil
Logiq Partners with Comviva to Offer Digital Wallet and Payment Services to Millions of Mobile Users Across Indonesia
Diluent or Immuno-Reagent solutions for your diagnostic testing kits (Covid, Flu, etc.)
oneZero releases Algorithmic Pricing Module to give institutional clients even greater control
World Class Cocktail Festival: 2021 Homecoming
On World Water Day 2021, Sensus unveils exclusive whitepaper - 'Smart Cities need Smart Water'
Hexaware Technologies is Great Place to Work - certified
Ghodawat Consumer Earns a Prestigious Award; Bags 'India's Most Admirable Brand' Recognition
Glenmark Pharmaceuticals receives ANDA approval for Diltiazem Hydrochloride Extended-Release Capsules USP, 60 mg, 90 mg, and 120 mg: Granted competitive generic therapy (CGT) designation and is eligible for 180 days of CGT exclusivity
UST Provides Online Retail Platform Solution for UNIQLO India to Launch 'Shop From Home' Service
IAS Launches First Industry-Wide Digital Ad Verification Training Program
Bruce Lee's lost passion project 'The Silent Flute' to be produced by entrepreneur Jason Kothari
WZCC announces an exciting webinar with Mr. Piruz Khambatta, Chairman of Rasna, Hon. Consul General South Korea, Director GNFC, Chairman Rasna Foundation and Founder Trustee Areez Khambatta Benevolent Trust
HarperCollins is delighted to announce: Everything the Light Touches by Janice Pariat, publishing from Fourth Estate in October 2022
Crypto Liquidity Platform Black Ocean Opens Customer Whitelist
PathogenDx Applauded by Frost & Sullivan for Its Ultra-rapid COVID-19 Testing Platform, DetectX-Rv Test
Global Semiconductor Materials Market Sets New High of $55.3 Billion With 5% Expansion in 2020, SEMI Reports
Catalyst Welcomes Accenture CEO Julie Sweet As New Board Chair
Frost & Sullivan Opens Nominations for Itron Excellence in Resourcefulness Awards
Squirrels Boosts AirPlay, Miracast and Google Cast With All-New Reflector 4
Stockholm International Water Institute: Freshwater Thought Leader Sandra Postel awarded 2021 Stockholm Water Prize
Astral Foundation helps Hiwali get its first water pipeline after independence
Sirtex Medical announces new SIR-SpheresÂ® DOORwaY-90 Study: The first prospective multicenter U.S.-based trial for registration as first-line treatment for hepatocellular carcinoma
Frost & Sullivan Experts Analyze Regional Tactics for Water and Sanitation for All by 2030
NEC Earns Acclaim from Frost & Sullivan for Adopting a Vector-based Approach to High-performance Computing with its SX-Aurora TSUBASA
Voyager Labs Partners with Microsoft to Provide AI SaaS Investigation Platforms to Empower Public Safety
Global Energy Prize 2021 - record number of participating countries
RedHill Biopharma Announces Compassionate Use Treatment with Opaganib of first COVID-19 Patients in Switzerland
Summer Gold Coin Offer begins on KhelPlay Rummy
Planet Water Foundation Brings Life-Changing Access to Clean Drinking Water to Communities Across 5 Countries as Part of World Water Day Activation
RDIF and Virchow Biotech partner for production of Sputnik V vaccine in India
Sonata Software to tap the Customer Experience (CX) Market to fuel growth
Mana Projects Celebrating 21 Years of Real Estate Excellence
Avaya Acclaimed by Frost & Sullivan for Seizing Growth Opportunities with its Robust Portfolio of Intelligent Contact Center Solutions
Glenmark and Bausch Health join together to commercialize RYALTRIS â„˘ nasal spray in Canada
AVEVA and OSIsoft Combine to Unlock the Potential of Data to Drive Increased Performance for Industrial Organizations
Xinhua Silk Road: Nanjing Jiangbei New Area invites global partners to jointly promote dev. of life and health industry
Zalando Launches Spring Campaign to Laud Society's Champions & Celebrate Their Values
Hexaware Technologies Announces a Work Integrated Learning Program for Freshers
Empuls by Xoxoday integrates with Slack
India's Top Student Volunteers Felicitated At The 11th Annual Pramerica Spirit of Community Awards
Rajshri Entertainment to Make Its Wellness Content Available on Gaana as Podcasts
Plintron powers a unique educational initiative by SmartCentric
IBM Launches Fourth Annual Call for Code Global Challenge to Tackle Existential Threat of Climate Change
Product Analytics is the Number One Measurement of Digital Success, New Report By Harvard Business Review Analytic Services Sponsored by Amplitude Shows
SVKM's NMIMS Invites Applications for Post-Graduate Pharmacy Programs
PrettyLittleThing Turns Burj Khalifa Pink
Doctors Hospital Takes Action to Preserve Fair Competition After the Cayman Government Grants a Series of Financial Concessions
Maybelline New York Announces Storm Reid As Global Spokesmodel
The Craft Irish Whiskey Co. Sets the Record for the World's Most Expensive Whiskey Collection in Partnership With FabergĂ©
ZS PRIZE, a healthcare innovation programme, selects top 8 teams for jury evaluation and final winner announcement in April 2021
SUN Mobility and Zyngo partner to offer seamless last-mile delivery
India Nightlife Convention & Awards (INCA) concludes its 5th Edition in Goa
OKExChain welcomes Cosmostation validator node operator among six other partners to its rapidly expanding ecosystem
Voltas introduces the new 2021 range of Voltas Fresh Air Coolers; launches 'Ab Garmi Ke Mazey Lo, Bina Garmi Ke' campaign
Aster MIMS Calicut Offers Free Liver Transplant Surgeries to Children
'The Apprentice: ONE Championship Edition' to Premiere in India tomorrow, March 20th on Republic TV
APML issues pre-alert and guidelines to save innocent citizens from fake websites and fraudsters in packing and moving segment
GC to Increase Vinythai Shares through Delisting Tender Offer, Strengthening Downstream Chemicals Business, and Expanding Its Business in CLMV Market
Flexible workspaces to lease 3 million square feet of space in 2021: Colliers
RateGain Ranks in Deloitte Technology Fast50 For The Fifth Time
First Advantage launches Vendor Screening Solution
NMIMS Hyderabad Invites Applications for Common Entrance Tests - NMIMS- NPAT, NMIMS-CET and NMIMS-LAT - for Commerce, Pharmacy, & Law Programs
IAS Extends its Leadership in Brand Safety and Ad Fraud Protection with TAG Recertification
CITIC Networks Becomes Big Data Exchange (BDx) Connectivity Partner in Nanjing Data Center
ď»żApiJect Systems, Corp., Announces Appointment of Global Branding Leader, Craig Cohon as Chief Strategy Officer
EncoreÂ® Launches Hybrid+, Setting A Global Standard For Hybrid Meeting & Event Experiences
New Report Discusses IT/OT Convergence for Telcos
SDI Adds Acteev Protectâ„˘ Masks to Portfolio of PPE As-a-Service(SM)
The 129th Canton Fair Prepares for a Virtual Return from April 15-24, 2021
Hitachi launches new range of Room Air Conditioners for the new-age consumers: 'One for everyone'
Five Business Strategies to Ensure Environment Safety and Leverage eWaste Management
Huawei Recognized as a 2021 Gartner Peer Insights Customers' Choice for WAN Edge Infrastructure
"Charm of Jiangsu" celebrated the 2021 Chinese New Year with overseas fans online
GameAnalytics Joins Huawei Ecosystem as the Latest Platform Partner
Frost & Sullivan's India Manufacturing Excellence Awards 2021 to Honor Future-Ready Factories
Adani Green Energy raises USD 1.35 billion in one of Asia's largest project financing deals
Reliance Securities named as India's 10 most promising share trading platforms of 2020
QuerySurge is Now Available in the Microsoft Azure Marketplace
XCMG Celebrates International Day of Happiness, Champions Employee Wellbeing with its Upgraded Total Health Program
ZestMoney Ranked Second Fastest Growing Technology Company in Deloitte Technology Fast 50 India 2020
Firescore Interactive to launch the hyper-casual gaming hub 'CrazyHubs India' in partnership with CrazyLabs
Technical clothing requirements for armed forces likely to be included in negative import list; keen to procure indigenised techno textiles: General Bipin Rawat
Frost & Sullivan Identifies the Top 5 Growth Opportunities in the Next-Generation Connected Car Industry
Trimble Announces Release of Tekla 2021 Structural BIM Software Solutions
Nespresso invests CHF 117 million in the expansion of its Avenches production center to meet growing consumer demand
FDI - Dental disaster: One year after first lockdowns dentists around the world confront the consequences of the COVID-19 pandemic on people's oral health: higher incidence of tooth decay and more advanced gum disease
Aeijaz Sodawala, CEO eZee Technosys gives an industry insider view-point on the Google Free Booking Link Program
Skootr Launches Skootr FinSave, A New Company To Meet Growing Demand For Financial Services In The Office Segment
LYRA last-mile connectivity solution for rural India