A shift to Docker-focused targeting that could pave the way for threat actors to invade cloud environments was marked in 2021 by a nearly 150 percent increase in new Linux ransomware code, IBM’s X-Force unit said in a new report.
That’s not all ransomware crews brought to the playing field last year. Manufacturing and supply chains were the centerpiece of the big picture:
- Ransomware actors attempted to "fracture" the backbone of global supply chains with attacks on manufacturing, which vaulted over the financial services and insurance sectors to become 2021's most attacked industry (23%). Nearly half of attacks on manufacturing were caused by vulnerabilities that victim organizations had not yet patched or could not patch.
Here are nine key findings and takeaways from IBM's X-Force Threat Intelligence Index:
- A 146% increase in new Linux ransomware code and a shift to Docker-focused targeting by cyber gangs. Takeaway: Ransomware crews are laying the groundwork to target cloud environments.
- The average lifespan of a ransomware group before shutting down or rebranding is 17 months. Takeaway: Ransomware groups may be activating their own disaster recovery plans. For example, REvil, which was responsible for 37% of all ransomware attacks in 2021, may resurface despite its takedown by international law enforcement in mid-2021.
- Organizations should modernize their infrastructure to place their data in an environment that can help safeguard it, whether on-premises or in clouds. Takeaway: This can help businesses manage, control, and protect their workloads.
- Vulnerabilities in industrial control systems rose by 50% year-over-year in 2021. Takeaway: Although more than 146,000 vulnerabilities have been disclosed in the past decade, the vulnerability management challenge has yet to reach its peak.
- Exploiting vulnerabilities as an attack method increased 33% year-over-year. Takeaway: The challenge enterprises face in managing vulnerabilities may continue to worsen as digital infrastructures expand, and businesses can grow overwhelmed with audit and upkeep requirements.
- Cyber attackers recognize that containers are common ground among organizations. Takeaway: Crews are looking for ways to maximize their ROI with malware that can cross platforms and can be used as a jumping-off point to other components of their victims' infrastructure.
- In Asia, Europe and MEA, unpatched vulnerabilities caused approximately 50% of attacks in 2021. Takeaway: Businesses' biggest security struggle is patching vulnerabilities.
- Asia got hit with 25 percent more attacks IBM observed in 2021, more than any other region. Takeaway: Financial services and manufacturing organizations together experienced nearly 60% of attacks in Asia.
- Phishing was the most common cause of cyber attacks in 2021. Takeaway: When phishing was combined with phone calls, the click rate of the phishing campaigns in IBM’s Red’s penetration tests tripled in 2021.
Instead of trying to patch every vulnerability in their environment, businesses should adopt a zero trust strategy to improve their vulnerability management, said Charles Henderson, the head of IBM’s X-Force unit. “Cyber criminals usually chase the money,” he said. “Now with ransomware they are chasing leverage. Businesses should recognize that vulnerabilities are holding them in a deadlock as ransomware actors use that to their advantage.”