Cybercriminals and COVID-19 herded the world to massive cloud migrations, no surprise they leveraged this trend for massive profit and influence.
Manufacturing and energy were the most attacked industries in 2020, second only to the finance and insurance sector. Attackers were taking advantage of the nearly 50% increase in vulnerabilities in industrial control systems (ICS), which both sectors rely heavily on.
Other industries that could not afford downtime due to risks of disrupting medical efforts or critical supply chains, were also par for the hackers’ course.
This is what a recent annual threat intelligence report by IBM has summarized from monitoring over 150 billion security events per day in more than 130 countries. In addition, data was gathered and analyzed from multiple sources within IBM, including IBM Security X-Force Threat Intelligence and Incident Response, X-Force Red, IBM Managed Security Services, and data provided by Quad9 and Intezer.
Some of the report’s highlights include:
- Accelerated use of Linux malware: With a 40% increase in Linux-related malware families in the past year (according to Intezer data), and a 500% increase in Go-written malware in the first six months of 2020, attackers were accelerating a migration to Linux malware that can more easily run on various platforms, including cloud environments.
- Top spoofed brands: Amid a year of social distancing and remote-working, brands offering collaboration tools such as Google, Dropbox and Microsoft, or online shopping brands such as Amazon and PayPal, made the top 10 spoofed brands in 2020. YouTube and Facebook, which consumers relied on more for news, also topped the list. Making an inaugural debut as the seventh most commonly impersonated brand was Adidas, likely driven by demand for the Yeezy and Superstar sneaker lines.
- Ransomware doubles the threat: Asthe cause of nearly one in four attacks that X-Force responded to last year, ransomware attacks aggressively evolved to include double extortion tactics. The most commonly observed ransomware group in 2020 in the X-Force ecosystem—Sodinokibi (also known as REvil)—had a very profitable year. The firm estimates that the hackers made a conservative estimate of over US$123m in 2020, with approximately two-thirds of victims paying a ransom.
The most successful ransomware groups in 2020 were focused on also stealing and leaking data, as well as creating Ransomware-as-a-Service cartels and outsourcing key aspects of their operations to cybercriminals that specialize in different aspects of an attack. Organizations need to step up privileged access management and identity and access management to curb such attacks. - Vulnerabilities surpassed phishing as most common cyber risk: The most successful way victim environments were accessed last year (in the respondent platforms) was scanning and exploiting for vulnerabilities (35%), surpassing phishing (31%) for the first time in years.
- Rise of open source malware: Attackers may be looking for ways to improve their profit margins—possibly reducing costs, increasing effectiveness and creating opportunities to scale more profitable attacks. The report highlights various threat groups such as APT28, APT29 and Carbanak turning to open source malware, indicating that this trend will be an accelerator for more cloud attacks in the coming year.
- Leveraging the Cloud for attacks: Attackers are exploiting the expandable processing power that Cloud environments provide, passing along heavy cloud usage charges on victim organizations, as Intezer observed more than 13% new, previously unobserved code in Linux cryptomining malware last year.
Said Nick Rossmann, Global Threat Intelligence Lead, IBM Security X-Force: “In essence, the pandemic reshaped what is considered critical infrastructure today, and attackers took note. Many organizations were pushed to the front lines of response efforts for the first time. Attackers’ victimology shifted as the COVID-19 timeline of events unfolded, indicating yet again the adaptability, resourcefulness and persistence of cyber adversaries.”
With attackers’ sights set on clouds, X-Force recommends that organizations should consider a zero-trust approach to their security strategy. Businesses should also make confidential computing a core component of their security infrastructure to help protect their most sensitive data—by encrypting data in use, organizations can help reduce the risk of exploitability from a malicious actor, even if they are able to access their sensitive environments.