Ransomware groups make millions; open source malware increases 40% in 2020; and tools used for social distancing appear at the top of the list of the most counterfeited brands
IBM (NYSE: IBM) Security recently released the X-Force 2021 Threat Intelligence Index, highlighting how cyber attacks evolved in 2020, as those responsible for the threats sought to profit from the unprecedented socioeconomic, commercial and political challenges caused by the COVID-19 pandemic.
In 2020, IBM Security X-Force noted that attackers focused their attacks on organizations vital to global COVID-19 response efforts, such as hospitals, medical and pharmaceutical manufacturers, and energy companies that power the COVID-19 supply chain.
According to the new report, cyber attacks on healthcare, manufacturing and energy organizations doubled from the previous year, with threat actors targeting organizations that could not risk disrupting medical or essential supply chain processes. In fact, manufacturing and energy were the sectors most affected in 2020, second only to the financial and insurance sectors. Contributing to this was the fact that attackers took advantage of the increase of almost 50% in vulnerabilities in industrial control systems (ICS), on which both manufacturing and energy depend heavily.
“Basically, the pandemic has reshaped what is now considered a critical infrastructure and the invaders have realized this. Many organizations had to go to the forefront in aid efforts for the first time, whether to support research on COVID-19, support food and vaccine supply chains, or produce personal protective equipment,” commented Nick Rossmann, Global Threat Intelligence Leader for IBM Security X-Force. “The victimization of the attackers was changing as the events related to COVID-19 unfolded, indicating once again the adaptability, ingenuity and persistence of opponents of cyberspace.”
The X-Force Threat Intelligence Index is based on insights and observations obtained from monitoring more than 150 billion security events per day in more than 130 countries. In addition, data is collected and analyzed from various sources within IBM, including the segments of IBM Security X-Force Threat Intelligence and Incident Response, X-Force Red, IBM Managed Security Services and data provided by Quad9 and Intezer, who contributed to the 2021 report.
Some of the highlights of the report include:
- Cybercriminals have accelerated the use of Linux malware: With a 40% increase in Linux-related malware families last year, according to Intezer, and a 500% increase in malware written in Go in the first six months of 2020, attackers are accelerating the migration to Linux malware, which can run more easily across multiple platforms, including cloud environments.
- The pandemic led to the counterfeiting of leading brands: In a year of social distancing and remote work, brands that offer collaboration tools like Google, Dropbox and Microsoft, or online shopping brands like Amazon and PayPal, were among the top 10 counterfeited brands in 2020. YouTube and Facebook, the sources most used by consumers to follow news last year, are also at the top of the list. Surprisingly, Adidas made its debut as the seventh most imitated brand in 2020, probably as a result of demand for the Yeezy and Superstar sneaker lines.
- Ransomware groups have taken advantage of a profitable business model: Ransomware was the cause of almost one in four attacks that X-Force responded to in 2020, with an aggressive evolution to include double extortion tactics. Using this model, X-Force estimates that Sodinokibi, the most frequently observed ransomware group in 2020, had a very profitable year. X-Force estimates that the group earned, using a conservative estimate, more than US$ 123 million last year, and about two-thirds of its victims paid a ransom, according to the report.
Investment in open source malware threatens cloud environments
In the midst of the COVID-19 pandemic, many companies have sought to accelerate cloud adoption. “A recent Gartner study found that almost 70% of organizations using cloud services plan to increase their cloud spending as a result of the changes caused by COVID-19.” But considering that Linux is currently responsible for 90% of cloud workloads and the X-Force report details a 500% increase in Linux-related malware families over the past decade, cloud environments can become an important attack vector for threat actors.
With the rise of open source malware, IBM assesses that attackers may be looking for ways to improve their profit margins, possibly reducing costs, increasing effectiveness and creating opportunities to scale more profitable attacks. The report highlights several threat groups, such as APT28, APT29 and Carbanak, which are turning to open source malware, indicating that this trend will be an accelerator for more attacks in the cloud next year.
The report also suggests that attackers are exploiting the scalable processing power that cloud environments provide, passing heavy cloud usage loads on to victim organizations, as Intezer observed more than 13% new, previously unseen code in cryptomining malware in 2020.
With attackers eyeing the cloud, X-Force recommends that organizations consider a Zero Trust approach to their security strategy. Businesses should also make confidential computing a central component of their security infrastructure to help protect their most sensitive data: by encrypting data in use, organizations can help reduce the risk of exploitation by a malicious actor, even if that actor is able to access their sensitive environments.
Cybercriminals posing as famous brands
The 2021 report highlights that cybercriminals have more often chosen to pose as brands that consumers trust. Considered one of the most influential brands in the world, Adidas was attractive to cybercriminals, who tried to exploit consumer demand for coveted sneakers by directing them to malicious websites disguised as legitimate ones. When a user visited these legitimate-looking domains, cybercriminals tried to carry out online payment fraud, steal users' financial information, collect credentials, or infect victims' devices with malware.
The report indicates that the majority of Adidas counterfeits are associated with the Yeezy and Superstar shoe lines. The Yeezy line, according to estimates, brought in US$ 1.3 billion in 2019 and was one of the sportswear giant's best-selling shoes. It is likely that, due to the hype generated by the sneaker launch in early 2020, attackers took advantage of the demand for this successful brand for their own profit.
Ransomware tops 2020 attacks
According to the report, the world experienced more ransomware attacks in 2020 compared to 2019. Almost 60% of the ransomware attacks to which X-Force responded used a double extortion strategy in which attackers encrypted, stole and threatened to leak data if the ransom was not paid. In fact, in 2020, 36% of the data breaches tracked by X-Force came from ransomware attacks that also involved alleged data theft, suggesting that data breaches and ransomware attacks are starting to collide.
The most active ransomware group observed in 2020 was Sodinokibi (also known as REvil), responsible for 22% of all ransomware incidents monitored by X-Force. X-Force estimates that Sodinokibi stole approximately 21.6 terabytes of data from its victims, that almost two-thirds of the victims paid a ransom, and that in about 43% of the cases there was a data leak. For all these reasons, X-Force estimates that this group earned more than US$ 123 million in 2020.
Like Sodinokibi, the report found, the most successful ransomware groups in 2020 were also involved in stealing and leaking data, as well as in creating ransomware-as-a-service cartels and outsourcing important aspects of their operations to cybercriminals specializing in different aspects of an attack. In response to these more aggressive ransomware attacks, X-Force recommends that organizations limit access to sensitive data and protect key accounts with Privileged Access Management (PAM) and Identity and Access Management (IAM).
Other important conclusions of the report include:
- Vulnerabilities overtook phishing as the most common infection vector: The 2021 report reveals that the most successful way to access victims' environments last year was by scanning for and exploiting vulnerabilities (35%), surpassing phishing (31%) for the first time in years.
- Europe received the greatest impact from the 2020 attacks: Representing 31% of the attacks X-Force responded to in 2020, according to the report, Europe was the region with the most attacks, with ransomware as the leading culprit. In addition, Europe suffered more insider threat attacks than any other region, with twice as many as North America and Asia combined.
The report presents data that IBM collected in 2020 to provide insights into the global threat landscape and to inform security professionals about the threats most relevant to their organizations. To download a copy of the X-Force Threat Intelligence Index 2021, visit: https://www.ibm.biz/threatindex2021













