IBM Security lists Asia as most attacked region

  • IBM Security lists Asia as the most attacked region with financial services and manufacturing organizations experiencing nearly 60% of attacks
  • The REvil operation accounted for a whopping 37% of ransomware attacks that X-Force remediated last year
  • X-Force Threat Intelligence Index also observed more attackers shifting their targeting to containers like Docker – by far the most dominant container runtime engine according to Red Hat

IBM Security released its annual X-Force Threat Intelligence Index, unveiling how ransomware and vulnerability exploitation grow more sophisticated each year.

These cybercrimes and attacks “imprisoned” businesses in 2021, further fracturing the backbone of global supply chains, with manufacturing emerging as the most targeted industry.

Ransomware attacks have been increasing in recent years, with an alarming 47% of attacks on manufacturing caused by vulnerabilities. Ransomware is now the leading malware infection, with the attacker demanding a ransom payment to release the data.

IBM Security lists Asia as the most attacked region

Asia leads the pack, with financial services and manufacturing organizations experiencing nearly 60% of attacks. Japan, Australia, and India experienced the region’s most server access and ransomware attacks. In 2021, server access attacks (20%), ransomware (11%), and data theft (10%) were the top three attack types on Asian organizations.

Cybersecurity is more critical now than ever before. In 2021, phishing was the most common cause of cyberattacks, leading to 43% of attacks observed in the region. In X-Force Red’s penetration tests, the click rate in its phishing campaigns tripled when combined with phone calls.

The REvil operation accounted for a whopping 37% of ransomware attacks that X-Force remediated last year before the gang shut down in October 2021. This was followed by Bitlocker, Nefilim, MedusaLocker, and Ragnar Locker.

“The high percentage of server access attacks in Asia suggests that Asian organizations are adept at identifying attacks quickly before they escalate into more concerning attack types,” said researchers from IBM’s X-Force Threat Intelligence team.

The IBM Security report also highlighted the following problems.

  • Ransomware gangs defy takedowns – Ransomware groups continue to operate at a high level, as observed in 2021, despite numerous ransomware takedowns. This is troubling news for businesses and consumers alike. Ransomware has become one of the most severe threats on the internet, and it shows no signs of slowing down. According to the 2022 report, the average lifespan of a ransomware group before shutting down or rebranding is 17 months.
  • Vulnerabilities expose businesses’ biggest vice – X-Force reveals that for businesses in Europe, Asia, and the Middle East and Africa, unpatched vulnerabilities caused approximately 50% of attacks in 2021, exposing businesses’ biggest struggle – patching vulnerabilities. At the same time, vulnerability exploitation as an attack method is growing more popular. X-Force observed a 33% increase since the previous year, with the two most exploited vulnerabilities observed in 2021 found in widely used enterprise applications (Microsoft Exchange, Apache Log4j Library).
  • Early warning signs of cyber crisis in the cloud – Cybercriminals are laying the groundwork to target cloud environments. The 2022 report reveals a 146% increase in new Linux ransomware code, potentially making it easier for more threat actors to leverage cloud environments for malicious purposes.

In 2021, X-Force also observed more attackers shifting their targeting to containers like Docker – by far the most dominant container runtime engine according to Red Hat. Application containers run on a common operating system (OS) with an ecosystem of allied tools.

“Cybercriminals usually chase the money. Now with ransomware, they are chasing leverage. Businesses should recognize that vulnerabilities are holding them in a deadlock – as ransomware actors use that to their advantage. This is a non-binary challenge,” said Charles Henderson, Head of IBM X-Force.

Henderson added that the attack surface is only growing larger, so instead of operating under the assumption that every vulnerability in their environment has been patched, businesses should operate under an assumption of compromise and enhance their vulnerability management with a zero-trust strategy.