The healthcare sector continues to expose major cracks as cybercrimes against majority healthcare organization across the globe, doubled up says IBM’s X-Force Threat Intelligence Index 2021.
Cybercrimes against the healthcare sector doubled during the pandemic and its continuing to remain in same spotlight. The pandemic is going down in some of the major global hotspots The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries.
- The report highlighted how cyberattacks evolved in 2020, as threat actors sought to profit from the unprecedented socioeconomic, business and political challenges brought on by the COVID-19 pandemic.
- The attackers observed that the global COVID-19 response efforts heavily relied, such as hospitals, medical and pharmaceutical manufacturers, as well as energy companies powering the COVID-19 supply chain.
- Cyberattacks on healthcare, manufacturing, and energy doubled from the year prior, with threat actors targeting organizations that could not afford downtime due to risks of disrupting medical efforts or critical supply chains.
- Manufacturing and energy were the most attacked industries in 2020, second only to the finance and insurance sector. Contributing to this was attackers taking advantage of the nearly 50% increase in vulnerabilities in industrial control systems (ICS), which manufacturing and energy both strongly depend on.
Nick Rossmann, Global Threat Intelligence Lead, IBM Security X-Force said “Attackers’ victimology shifted as the COVID-19 timeline of events unfolded, indicating yet again, the adaptability, resourcefulness and persistence of cyber adversaries.”
Methodology of attacks mostly used:
- Cybercriminals Accelerate Use of Linux Malware – With a 40% increase in Linux-related malware families in the past year, according to Intezer, and a 500% increase in Go-written malware in the first six months of 2020, attackers are accelerating a migration to Linux malware that can more easily run on various platforms including cloud environments.
- Pandemic Drives Top Spoofed Brands –Amid a year of social distancing and remote work, brands offering collaboration tools such as Google, Dropbox and Microsoft, or online shopping brands such as Amazon and PayPal, made the top 10 spoofed brands in 2020.
- Ransomware Groups Cash In On Profitable Business Model – Ransomware was the cause of nearly one in four attacks that X-Force responded to in 2020, with attacks aggressively evolving to include double extortion tactics. Using this model, X-Force assesses Sodinokibi – the most commonly observed ransomware group in 2020 – had a very profitable year. X-Force estimates that the group made a conservative estimate of over $123 million in the past year, with approximately two-thirds of its victims paying a ransom, according to the report.
A Gartner survey found that almost 70% of organizations using cloud services today plan to increase their cloud spending in the wake of the disruption caused by COVID-19.” But with Linux currently powering 90% of cloud workloads and the X-Force report detailing a 500% increase in Linux-related malware families in the past decade, cloud environments can become a prime attack vector for threat actors.
With the rise in open-source malware, IBM assesses that attackers may be looking for ways to improve their profit margins – possibly reducing costs, increasing effectiveness and creating opportunities to scale more profitable attacks.
The report also suggests that attackers are exploiting the expandable processing power that cloud environments provide, passing along heavy cloud usage charges on victim organizations, as Intezer observed more than 13% new, previously unobserved code in Linux cryptomining malware in 2020.
With attackers’ sights set on clouds, X-Force recommends that organizations should consider a zero-trust approach to their security strategy. Businesses should also make confidential computing a core component of their security infrastructure to help protect their most sensitive data – by encrypting data in use, organizations can help reduce the risk of exploitability from a malicious actor, even if they’re able to access their sensitive environments.
Ransomware Dominates 2020 as Most Common Attack:
According to the report, in 2020 the world experienced more ransomware attacks compared to 2019, with nearly 60% of ransomware attacks that X-Force responded to using a double extortion strategy whereby attackers encrypted, stole and then threatened to leak data, if the ransom wasn’t paid. In fact, in 2020, 36% of the data breaches that X-Force tracked came from ransomware attacks that also involved alleged data theft, suggesting that data breaches and ransomware attacks are beginning to collide.
The most active ransomware group reported in 2020 was Sodinokibi (also known as REvil), accounting for 22% of all ransomware incidents that X-Force observed. X-Force estimates that Sodinokibi stole approximately 21.6 terabytes of data from its victims, that nearly two-thirds of Sodinokibi victims paid ransom, and approximately 43% had their data leaked – which X-Force estimates resulted in the group making over $123 million in the past year.
- Vulnerabilities Surpass Phishing as Most Common Infection Vector– The 2021 report reveals that the most successful way victim environments were accessed last year was scanning and exploiting for vulnerabilities (35%), surpassing phishing (31%) for the first time in years.
- Europe Felt the Brunt of 2020 Attacks – Accounting for 31% of attacks X-Force responded to in 2020, per the report, Europeexperienced more attacks than any other region, with ransomware rising as the top culprit. In addition, Europe saw more insider threat attacks than any other region, seeing twice as many such attacks as North America and Asia
(Image Courtesy: www.news.cuna.org)