[Security Information] IBM Security: Cyber Attacks Target Multiple Industries Helping to Fight COVID-19



Recently, IBM Security released the 2021 IBM X-Force Threat Intelligence Index report, focusing on the evolution of cyber attacks in 2020. During the year, the COVID-19 epidemic brought unprecedented socio-economic, business and political challenges, and many threat actors tried to profit from them. IBM Security X-Force observed that attackers targeted the companies that were key to the global fight against COVID-19, including hospitals, pharmaceutical manufacturers, and energy companies that power the supply chain for the COVID-19 response.

According to this latest report, cyber attacks launched against the medical, manufacturing, and energy industries in 2020 doubled compared with 2019. Threat actors chose as targets key organizations whose shutdown could interrupt medical services or critical supply chains. In 2020, the manufacturing and energy industries became key targets of attack, second only to the finance and insurance industries. Vulnerabilities in industrial control systems (ICS) increased by nearly 50%, and because the manufacturing and energy industries rely heavily on ICS, attackers exploited these vulnerabilities to launch attacks.

Nick Rossmann, Head of Global Threat Intelligence at IBM Security X-Force, said: "In essence, this epidemic has reshaped the current critical infrastructure, and the attackers have noticed this. In order to fight the epidemic, many companies are on the front line for the first time, to support research related to COVID-19, to maintain vaccine and food supply chains, and to produce personal protective equipment. As the COVID-19 epidemic continues to develop, attackers are also constantly conducting victim research and changing attack strategies accordingly, which again reflects the adaptability, tact and durability of cyber attackers."

IBM monitors more than 150 billion security incidents that occur daily in more than 130 countries/regions, and publishes the X-Force Threat Intelligence Index report based on the insights and observations obtained through this monitoring. In addition, IBM collected and analyzed data from multiple internal sources. These sources include IBM Security X-Force Threat Intelligence and Incident Response, X-Force Red, and IBM Managed Security Services, together with data provided by Quad9 and Intezer; data from the latter two sources is reflected in this edition of the report.

Highlights of the 2021 IBM X-Force Threat Intelligence Index report include:

  • Cybercriminals accelerate the use of Linux malware: According to data provided by Intezer, Linux-related malware increased by 40% in the past year, and malware written in Go increased by 500% in the first six months of 2020. Attackers are accelerating the use of Linux malware, which can more easily run on various platforms (including cloud environments).

  • The epidemic has led to counterfeiting of well-known brands: In the past year, social distancing and remote work were promoted in many places. As a result, brands that provide collaboration tools, such as Google, Dropbox, and Microsoft, and online shopping brands such as Amazon and PayPal were all among the most frequently counterfeited brands of 2020. YouTube and Facebook became the main channels for consumers to get news last year, so they were also among the most frequently counterfeited brands. Surprisingly, the seventh most frequently counterfeited brand in 2020 turned out to be Adidas. This is the first time that Adidas has entered the list of the most frequently counterfeited brands. The main reason may be increased demand for Yeezy and Superstar sneakers.

  • Ransomware groups benefit from a profitable business model: In 2020, nearly a quarter of the attacks that X-Force responded to came from ransomware, which has evolved to include double extortion tactics. Evaluating this model, X-Force found that Sodinokibi, the ransomware group that received the most attention in 2020, was very profitable that year. X-Force estimated in the report that the group's earnings in the past year, by a conservative valuation, exceeded $123 million, and approximately two-thirds of the victims paid the ransom.

Investment in open source malware puts the cloud environment at risk

During the COVID-19 epidemic, many companies have been trying to accelerate the adoption of cloud technology. “In fact, a recent survey conducted by Gartner showed that after the COVID-19 epidemic caused business interruption, nearly 70% of companies that now adopt cloud services plan to increase their spending on cloud technology.” However, because 90% of cloud workloads currently run on Linux, and the X-Force report shows that Linux-related malware families have increased by 500% in the past ten years, the cloud environment may become the main attack vector for threat actors.

With the increase in open source malware, IBM found through evaluation that attackers may be looking for ways to increase profitability, that is, they may launch more profitable attacks by reducing costs, improving efficiency, and creating opportunities. The report emphasized that many threat organizations (such as APT28, APT29, and Carbanak) have turned to open source malware, indicating that this trend will lead to more cloud attacks in the new year.

The report also pointed out that attackers are using the scalable processing power of cloud environments to pass large cloud usage charges on to victim enterprises. Intezer observed in 2020 that more than 13% of Linux crypto-mining malware contained new code that had never been observed before.

Because attackers have set their sights on the cloud, X-Force recommends that companies consider adopting a zero-trust approach to their security strategy. Enterprises should also use confidential computing as a core component of their security infrastructure to help protect the most sensitive data. By encrypting data in use, companies can reduce the vulnerabilities that malicious attackers can exploit, ensuring that even if attackers gain access to the company's sensitive environment, they will get nothing.

Cybercriminals masquerading as well-known brands

The 2021 IBM X-Force Threat Intelligence Index report emphasizes that most cybercriminals choose to disguise themselves as brands trusted by consumers. As one of the most influential brands in the world, Adidas seems to have a strong appeal to cybercriminals. These cybercriminals try to exploit consumer demand to lure people looking for their favorite sports shoes to malicious websites that appear to be legitimate. Once a user visits a seemingly legitimate domain name, cybercriminals will try to carry out online payment fraud, steal the user's financial information, obtain user credentials, or infect the victim's device with malware.

The report pointed out that most of the fraud involving counterfeit Adidas sites is related to the Yeezy and Superstar sneaker series. According to reports, the Yeezy series of sports shoes alone generated $1.3 billion in revenue for Adidas in 2019. This series is one of the best-selling sports shoe series of sportswear manufacturer Adidas. Adidas will launch new sports shoes at the beginning of the year, and attackers are likely to take advantage of the demand for popular brands for personal gain.

Ransomware is the most common form of attack in 2020

According to the 2021 IBM X-Force Threat Intelligence Index report, the number of ransomware attacks encountered globally in 2020 increased compared with 2019. Nearly 60% of the ransomware attacks that X-Force responded to used a double extortion strategy, that is, the attacker both encrypts and steals data. If the victim does not pay the ransom, the attacker threatens to leak the data. In fact, in 2020, 36% of the data breaches tracked by X-Force were caused by ransomware attacks that also involved suspected data theft, indicating that data breaches and ransomware attacks have begun to collide.

According to reports, the most active ransomware group in 2020 was Sodinokibi (also known as REvil). Ransomware attacks led by this group accounted for 22% of all ransomware incidents observed by X-Force. X-Force estimates that Sodinokibi stole approximately 21.6TB of data from its victims. Nearly two-thirds of Sodinokibi victims paid the ransom. About 43% of the victims’ data was leaked. In the past year, the group made profits of 123 million U.S. dollars from extortion attacks.

The report found that the most successful ransomware groups in 2020 also focused on stealing and leaking data, forming ransomware-as-a-service groups, and outsourcing key parts of their business to cybercriminals who specialize in different aspects of an attack, just like Sodinokibi. In response to these more aggressive ransomware attacks, X-Force recommends that companies restrict access to sensitive data and use privileged access management (PAM) and identity and access management (IAM) to protect high-privileged accounts.

Other key findings in the report include:

  • Vulnerabilities surpassed phishing and became the most common infection vector: The 2021 report showed that last year, scanning for and exploiting vulnerabilities (35%) was the most common way to gain access to the victim's environment, surpassing phishing (31%) for the first time in many years.
  • Cyberattacks in 2020 bruised all of Europe: According to the report, Europe accounted for 31% of the attacks X-Force responded to in 2020, higher than any other region. Ransomware was the main culprit. In addition, Europe suffered more insider threat attacks than any other region, with twice as many as North America and Asia combined.

The 2021 IBM X-Force Threat Intelligence Index report uses data collected by IBM in 2020 to provide deep insights into the global threat landscape and inform security experts of the threats most relevant to their business.



Origin blog.csdn.net/YiAnSociety/article/details/114393921