X-Force

The COVID-19 pandemic has greatly affected cybersecurity, network defence and incident response operations. IBM Security recently released the 2021 X-Force Threat Intelligence Index. This highlights how cyberattacks evolved throughout 2020 and how malicious threat actors attempted to use the pandemic to their advantage. The report was based on the in-depth analysis of data breaches that occurred throughout 2020. According to the report, cyberattacks on healthcare, manufacturing and energy doubled from the previous year. Focusing on organisations that could not afford downtime due to risks of disrupting medical efforts or critical supply chains.

As healthcare organisations shifted their focus and resources to their primary role and the demand of managing the extraordinary emergency, their weaknesses were exploited. The manufacturing and energy sectors were the most attacked industries in 2020, followed by the finance and insurance sector. Contributing to this was attackers taking advantage of the nearly 50% increase in vulnerabilities in industrial control systems (ICS), which manufacturing and energy both strongly depend on.

Key Findings

• Cybercriminals Accelerate Use of Linux Malware – There has been a 40% increase in Linux-related malware in the past year (Intezer). Attackers are accelerating a migration to Linux malware, that can more easily run on various platforms, including cloud environments.
• Pandemic Drives Top Spoofed Brands. Amid a year of social distancing and remote work, brands offering collaboration tools such as Google, Dropbox and Microsoft, or online shopping brands such as Amazon and PayPal, made the top 10 spoofed brands in 2020. YouTube and Facebook, which consumers relied on more for news digestion last year, also topped the list.
• Ransomware Groups Cash In On Profitable Business Model. Ransomware was the cause of nearly one in four attacks that X-Force responded to in 2020, with attacks aggressively evolving to include double extortion tactics. Using this model, X-Force assesses Sodinokibi – the most commonly observed ransomware group in 2020. X-Force estimates that the group made a conservative estimate of over $123 million in the past year. Approximately two-thirds of its victims paying a ransom, according to the report.
• Vulnerabilities Surpass Phishing as Most Common Infection Vector. The 2021 report reveals that the most successful way victim environments were accessed last year was scanning and exploiting for vulnerabilities (35%), surpassing phishing (31%) for the first time in years.
• Europe Felt the Brunt of 2020 Attacks. Accounting for 31% of attacks X-Force responded to in 2020, per the report, Europe experienced more attacks than any other region, with ransomware rising as the top culprit. In addition, Europe saw more insider threat attacks than any other region. They saw twice as many such attacks as North America and Asia combined.

Investment in Open-Source Malware Threatens Cloud Environments

Amid the COVID-19 pandemic, many businesses sought to accelerate their cloud adoption. The X-Force report detailed a 500% increase in Linux-related malware families in the past decade. Cloud environments can become a prime attack vector for threat actors.

With the rise in open-source malware, IBM assesses that attackers may be looking for ways to improve their profit margins. Possibly reducing costs, increasing effectiveness and creating opportunities to scale more profitable attacks. The report highlights various threat groups such as APT28, APT29 and Carbanak turning to open-source malware. This indicates that this trend will be an accelerator for more cloud attacks in the coming year.

Attackers are exploiting the expandable processing power that cloud environments provide, passing along heavy cloud usage charges on victim organizations. Intezer observed more than 13% new, previously unobserved code in Linux cryptomining malware in 2020.

Cybercriminals in Disguise

The 2021 report highlights that cybercriminals opted to disguise themselves most often as brands that consumers trust. Considered one of the most influential brands in the world, Adidas appeared attractive to cybercriminals attempting to exploit consumer demand to drive those looking for coveted sneakers to malicious websites designed to look like legitimate sites. Once a user visited these legitimate-looking domains, cybercriminals would either seek to carry out online payment scams, steal users’ financial information, harvest user credentials, or infect victims’ devices with malware.

The report indicates that the majority of Adidas spoofing is associated with the Yeezy and Superstar sneaker lines. The Yeezy line alone reportedly pulled in $1.3 billion in 2019. It was one of the top selling sneakers for the sportswear manufacturing giant. It’s likely that attackers leveraged the demand of the money-making brand to make their own profit.

Ransomware Dominates 2020 as Most Common Attack

According to the report, in 2020 the world experienced more ransomware attacks compared to 2019. Nearly 60% of ransomware attacks that X-Force responded to used a double extortion strategy. Attackers encrypted, stole and then threatened to leak data, if the ransom wasn’t paid. 36% of the data breaches that X-Force tracked came from ransomware attacks that also involved alleged data theft. This suggests that data breaches and ransomware attacks are beginning to collide.

The most active ransomware group reported in 2020 was Sodinokibi (also known as REvil). It accounted for 22% of all ransomware incidents that X-Force observed. X-Force estimates that Sodinokibi stole approximately 21.6 terabytes of data from its victims, that nearly two-thirds of Sodinokibi victims paid ransom, and approximately 43% had their data leaked – which X-Force estimates resulted in the group making over $123 million in the past year.

Like Sodinokibi, the report found that the most successful ransomware groups in 2020 were focused on also stealing and leaking data, as well as creating ransomware-as-a-service cartels and outsourcing key aspects of their operations to cybercriminals that specialize in different aspects of an attack. In response to these more aggressive ransomware attacks, X-Force recommends that organizations limit access to sensitive data and protect highly privileged accounts with privileged access management (PAM) and identity and access management (IAM).

To download a copy of the X-Force Threat Intelligence Index 2021, please visit: https://www.ibm.biz/threatindex2021

The insights from the report are based from monitoring over 150 billion security events per day in more than 130 countries. In addition, data is gathered and analyzed from multiple sources within IBM, including IBM Security X-Force Threat Intelligence and Incident Response, X-Force Red, IBM Managed Security Services, and data provided by Quad9 and Intezer, both of which contributed to the 2021 report.

Summary

New cyber security challenges continue to rise every year, but 2020 will be remembered for the uncertainty and rapid change it brought for the infosec space. Cybercrime is still a highly lucrative business, and it is estimated that it will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. Particularly, with Ransomware attacks on the rise, they are now estimated to cost global organisations $20 billion in 2021. Cybercrime communities are getting stronger with criminals exchanging information and tools that allow them to launch better, bigger and more lucrative attacks. Cyber criminals arn’t going anywhere so you must be prepared and maybe it’s time to rethink your active defence. So what is the landscape for cybersecurity and the evolution of threats in 2021? Smarttech247 have a list of the top cybersecurity trends that security professionals should be aware of which you can view below.