A shift to Docker-focused targeting that could pave the way for threat actors to invade cloud environments was marked in 2021 by a nearly 150 percent increase in new Linux ransomware code, IBM's X-Force unit said in a new report.

That's not all ransomware crews brought to the playing field last year. Manufacturing and supply chains were the centerpiece of the big picture:

- Ransomware actors attempted to "fracture" the backbone of global supply chains with attacks on manufacturing, which vaulted the financial services and insurance sectors to become 2021's most attacked industry (23%). Nearly half of attacks on manufacturing were caused by vulnerabilities that victim organizations had not yet patched or could not patch.

Instead of trying to patch every vulnerability in their environment, businesses should adopt a zero trust strategy to improve their vulnerability management, said Charles Henderson, the head of IBM's X-Force unit. "Cyber criminals usually chase the money," he said. "Now with ransomware they are chasing leverage. Businesses should recognize that vulnerabilities are holding them in a deadlock as ransomware actors use that to their advantage."

Here are nine key findings and takeaways from IBM's X-Force Threat Intelligence Index:

- A 146% increase in new Linux ransomware code and a shift to Docker-focused targeting by cyber gangs. Takeaway: Ransomware crews are laying the groundwork to target cloud environments.
- The average lifespan of a ransomware group before shutting down or rebranding is 17 months. Takeaway: Ransomware groups may be activating their own disaster recovery plans. For example, REvil, which was responsible for 37% of all ransomware attacks in 2021, may resurface despite its takedown by international law enforcement in mid-2021.
- Organizations should modernize their infrastructure to place their data in an environment that can help safeguard it, whether on-premises or in clouds. Takeaway: This can help businesses manage, control, and protect their workloads.
- Vulnerabilities in industrial control systems rose by 50% year-over-year in 2021. Takeaway: Although more than 146,000 vulnerabilities have been disclosed in the past decade, the vulnerability management challenge has yet to reach its peak.
- Exploiting vulnerabilities as an attack method increased 33% year-over-year. Takeaway: Enterprises' vulnerability management challenge may continue to worsen as digital infrastructures expand and businesses grow overwhelmed with audit and upkeep requirements.
- Cyber attackers recognize that containers are common ground among organizations. Takeaway: Crews are looking for ways to maximize their ROI with malware that can cross platforms and can be used as a jumping-off point to other components of their victims' infrastructure.
- In Asia, Europe and MEA, unpatched vulnerabilities caused approximately 50% of attacks in 2021. Takeaway: Businesses' biggest security struggle is patching vulnerabilities.
- Asia got hit with 25 percent more attacks IBM observed in 2021, more than any other region. Takeaway: Financial services and manufacturing organizations together experienced nearly 60% of attacks in Asia.
- Phishing was the most common cause of cyber attacks in 2021. Takeaway: When phishing was combined with phone calls, the click rate in IBM X-Force Red's penetration test phishing campaigns tripled in 2021.




