Sodinokibi (REvil) was the most commonly observed ransomware group in 2020, IBM reported. Sodinokibi actors earned over $123 million in ransom payments last year; approximately two-thirds of Sodinokibi victims paid a ransom.
Key Findings from IBM's 2021 X-Force Threat Intelligence Index
Other notable results from IBM's report included:
- Scanning for and exploiting vulnerabilities ranked first among the most successful ways to access victim environments.
- Finance and insurance was the most-attacked industry.
- Europe experienced more cyberattacks and more insider threat attacks than any other region.
- The number of vulnerabilities linked to industrial control systems (ICS) rose 49 percent year over year.
- 56 new Linux-related malware families were discovered, which represented a 40 percent year-over-year increase.
In addition, IBM offered the following cyber threat predictions for 2021:
- Thousands of new vulnerabilities will be reported on old and new applications and devices, causing the global cyber risk surface to grow.
- Cybercriminals will increasingly use the "double extortion" strategy during ransomware attacks. With double extortion, a hacker uses ransomware to illegally access a victim's data. The hacker then threatens to leak this information in the hopes of getting a ransom payment.
- Threat actors will explore ways to launch sophisticated attacks across Linux systems, Internet of Things (IoT) devices and cloud environments.
- Organizations across all industries will need to update their cybersecurity programs to keep pace with evolving cyberattacks.
IBM also provided recommendations to help organizations prepare for cyber threats this year, including:
- Use threat intelligence to learn about threat actor motivations and tactics
- Leverage data loss prevention (DLP) solutions to guard against insider threats
- Build and train an incident response team
- Require multi-factor authentication (MFA)
Furthermore, organizations should consider implementing a zero-trust approach to cybersecurity, IBM stated. With a zero-trust approach, organizations can protect data in use, even if malicious actors can access their sensitive environments.