In December 2020, U.S. national security officials made a shocking announcement: the U.S. government had been hacked. The cyber attack, attributed to a nation-state actor who had taken advantage of a back door in network monitoring software, comprised a number of federal agencies and critical infrastructure. Even today the extent of the breach is still unclear.
The hack is indicative of the current challenges facing organizations of all stripes to protect themselves from bad actors. The extraordinary circumstances of 2020, a global pandemic that fundamentally reformed the functioning of organizations, gave cyber adversaries opportunities to exploit the needs of communication networks and provided targets rich in supply chains and critical infrastructure. In today’s environment, third-party risk can certainly be predicted, but specific threats are more difficult than ever to predict.
To help meet the challenges of these times, IBM Security assesses the cyber threat landscape and helps organizations understand evolving threats, their associated risk, and how to prioritize cybersecurity efforts. In addition to the premium threat intelligence that IBM Security provides to customers, the company analyzes a large amount of data to produce the X-Force threat intelligence index, an annual record of the landscape. of threats and how it changes.
Among the trends followed by IBM Security, ransomware continued to rise to become the number one threat type, accounting for 23% of the security events to which X-Force responded in 2020. Ransomware attackers went increase pressure to extort payment by combining data encryption with threats to filter data from public places. The success of these schemes helped just one band of ransomware make more than $ 123 million in profits by 2020, according to X-Force estimates.
Manufacturing organizations withstood several ransomware attacks and other attacks in 2020. The manufacturing industry in general was the second most targeted, after finance and insurance, as it was the eighth most targeted industry in 2019. X- Force discovered sophisticated attackers who used spear phishing to target campaigns against manufacturing companies and NGOs involved in the covid-19 vaccine supply chain.
Threat actors also innovated their malware, especially Linux-targeted malware, open source software that supports cloud infrastructure, and critical data storage for businesses. Intezer’s analysis uncovered 56 new families of Linux malware in 2020, far more than the level of innovation found in other types of threats.
These findings help to inform about the challenges that organizations can expect over the next year. In 2021, a combination of old and new threats will require security teams to consider many risks simultaneously. One of these risks is the likely persistence of extortion schemes; attackers who publicly filter data about names and embarrassing sites increase the influence of threat actors to get high prices for ransomware infections. Cybersecurity stakeholders should also expect threat actors to continue to shift their gaze to different attack vectors, from Linux systems to IoT devices to cloud environments.
Still, organizations are not helpless. Building on the findings of IBM Security X-Force, keeping up with threat intelligence and building strong response capabilities are impactful ways to help mitigate threats in the evolving landscape, regardless of the industry or country where you work.
X-Force, for example, recommends that organizations of all sizes proactively plan a ransomware attack. Regularly drilling a response plan, which should address data theft and data theft extortion techniques, can make the difference in how an organization responds at the critical time. This response plan can be implemented as part of a zero-confidence approach that also includes multifactor authentication and data loss prevention solutions to protect against unintentional or malicious internal threats.
There is reason to expect 2021 to be a better year. Trends are notoriously difficult to predict, but the only constant is change. Resistance to the growing and downward challenges of cybersecurity requires practicable intelligence and a strategic vision for the future of more open and connected security. The 2021 X-Force Threat Intelligence Index provides this, helping cybersecurity stakeholders understand where there have been threats over the past year and prepare for what’s to come.
Credits: By WP BrandStudio.