Cyberattacks on healthcare, manufacturing and energy doubled in 2020 from the year prior as threat actors increasingly target critical industries that can’t afford downtime, according to a new report from IBM.
The tech giant’s 2021 X-Force Threat Intelligence Index, released Wednesday, illustrates how cyberattacks evolved in 2020 as hacking groups took advantage of socioeconomic, business, and political challenges brought on by the COVID-19 pandemic.
According to the report, manufacturing and energy were the most attacked industries, and attackers looked to take advantage of a nearly 50% increase in vulnerabilities in industrial control systems, which both highly depend on.
The report also suggests threat actors are making more use of Linux-related malware families than ever before. In 2020, there was a 40% increase in Linux malware, and a 500% increase in Go-written malware in the first six months of 2020. This indicates that attackers are accelerating a migration to Linux malware that can more easily run in cloud environments.
IBM also found that well-known brands were among the top targets for spoofing attacks, partly due to the demand for remote work tools. Brands like Google, Dropbox and Microsoft were among the top spoofed brands in the collaboration space, while online shopping brands like Amazon and PayPal were also among the top spoofed brands.
The report also found that ransomware was the cause in nearly 25% of attacks that IBM’s X-Force responded to last year. The company says Sodinokibi – the most commonly seen ransomware group last year – made at least $123 million in 2020 since about two-thirds of its victims paid a ransom.
Ransomware continues to be the most common attack, and about 60% of ransomware attacks IBM responded to used a double extortion strategy in which attackers encrypted, stole and threatened to leak data if the ransom wasn’t paid.
Another critical finding in the report suggests that attackers are moving from phishing attacks as an initial infection vector to vulnerability scanning. For the first time in years, the most successful method used by attacks to access victim environments last year was vulnerability exploitation, which accounted for 35% of initial access vectors last year. Phishing attacks, meanwhile, made up 35% of that metric.
“In essence, the pandemic reshaped what is considered critical infrastructure today, and attackers took note. Many organizations were pushed to the front lines of response efforts for the first time – whether to support COVID-19 research, uphold vaccine and food supply chains, or produce personal protective equipment,” said Nick Rossmann, Global Threat Intelligence Lead, IBM Security X-Force, in a statement.
“Attackers’ victimology shifted as the COVID-19 timeline of events unfolded, indicating yet again, the adaptability, resourcefulness and persistence of cyber adversaries.”