A 2021 X-Force Threat Intelligence Index report asserts that one in four cyberattacks that the security services arm of IBM responded to in 2020 involved ransomware. The report also notes nearly 60% of those ransomware attacks employed a double extortion strategy whereby attackers encrypted data, stole it, and then threatened to leak it if the ransom wasn't paid. More than a third (36%) of the ransomware attacks also involved alleged data theft, the report reveals.
IBM identifies the most profitable purveyor of ransomware as Sodinokibi, a ransomware group also known as REvil. The group generated more than $123 million in revenue in 2020, according to IBM estimates. Sodinokibi accounted for 22% of all ransomware incidents observed by X-Force, which resulted in approximately 21.6 terabytes of data being stolen. Nearly two-thirds of Sodinokibi victims paid the ransom, with approximately 43% having had their data leaked.
Europe experienced more attacks than any other region, with ransomware being the top culprit. In addition, Europe saw twice as many insider attacks as North America and Asia combined. The 2021 report also reveals that the most successful way victim environments were compromised last year was by scanning and exploiting vulnerabilities (35%), surpassing phishing (31%) for the first time in years.
The X-Force Threat Intelligence Index is based on insights and observations gleaned from monitoring over 150 billion security events per day in more than 130 countries. Data is also gathered and analyzed from multiple sources within IBM, including IBM Security X-Force Threat Intelligence and Incident Response, X-Force Red, and IBM Managed Security Services. Other contributors of data include Quad9 and Intezer.
Overall, the report notes that the finance and insurance sectors remain the most attacked vertical industries, mainly because that’s where the money is. However, cyberattacks on healthcare, manufacturing, and energy companies doubled from the year prior, the report finds. A contributing factor to that rise in attacks in the manufacturing and energy sectors has been a nearly 50% increase in vulnerabilities in industrial control systems (ICS).
Other notable shifts detailed in the report include a 40% increase in Linux-related malware families in the past year, according to Intezer, and a 500% increase in malware written in the Go programming language in the first six months of 2020. With Linux currently driving 90% of cloud workloads, it would appear that the open-source operating system has become a primary target. The report notes threat groups such as APT28, APT29, and Carbanak are turning their attention to open-source malware.
Finally, the X-Force report notes that, as usual, collaboration tools such as Google, Dropbox, and Microsoft, along with brands such as Amazon, PayPal, YouTube, and Facebook, were the most spoofed by cybercriminals. Making its debut on the top ten list this year is Adidas, likely driven by demand for the Yeezy and Superstar sneaker lines.
Put it all together, and it’s clear that, from a cybersecurity perspective, there was never a dull moment in 2020. The challenge going into 2021 is to get ready for yet another year that already promises a lot more of the same.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.