X-Force Threat Intelligence Index 2022

Andrea Gillhuber

Manufacturing industry hardest hit

According to IBM's X-Force Threat Intelligence Index 2022, the manufacturing industry is the sector most affected by cyberattacks in terms of the number of attacks measured, overtaking the finance and insurance sectors.

Every year, IBM takes a close look at global cyberattacks in its X-Force Threat Intelligence Index. According to the report, the manufacturing industry was the most affected sector globally, accounting for 23% of all attacks; in Germany, the proportion was as high as 31%. Most attacks on production were carried out by exploiting vulnerabilities (47%), followed by phishing at 40%. It is interesting to note that cyber criminals specifically targeted the manufacturing industry and its role in global supply chains in order to disrupt or interrupt them.

Ransomware the most frequently used type of attack

The most commonly used attack type in 2021 was again ransomware - despite a 9% decrease compared to the previous year. IBM cited the activities of law enforcement agencies as the most likely cause of the decline in ransomware and IoT botnet attacks in 2021. At the same time, however, the IT group warns that a possible resurgence in 2022 cannot be ruled out.

Figure: Of all industrial sectors, the manufacturing industry was the one most affected by cyberattacks in 2021. (© IBM)

However, companies are increasingly confronted with triple extortion in ransomware attacks: their data is encrypted and stolen, while the hackers simultaneously threaten to publish this data and launch a Distributed Denial of Service (DDoS) attack against the victim if a ransom is not paid.

The most common ransomware strain, accounting for 37% of all ransomware attacks, was 'REvil', a type also referred to as 'Sodinokibi' in the X-Force report. The ransomware type 'Ryuk' follows in second place with 13%.

Phishing kits for Microsoft, Apple and Google

The report also examined how cybercriminals used phishing kits in 2021. According to the report, they attempted to impersonate major brands, in particular Microsoft, Apple and Google. The security experts assume that the attackers wanted to capitalize on the popularity of these three brands and on consumer confidence in them.

According to the report, threat groups around the world were looking to improve their skills and infiltrate more companies. The malware they used was often embedded in programs or methods designed to bypass defenses. In some cases, these were hosted via cloud-based messaging and storage platforms to bypass security controls. These platforms were used to hide command and control communications in legitimate network traffic. In addition, cybercriminals continued to develop Linux versions of malware to facilitate the transition to cloud environments.

In particular, three especially active threat groups were observed by the analysts in 2021: the suspected Iranian threat actor ITG17 (MuddyWater), the cybercriminal group ITG23 (Trickbot) and Hive0109 (LemonDuck).

Suitable protective measures

Wolfgang Huber, Regional Director DACH at data management provider Cohesity, took the X-Force Threat Intelligence Report as an opportunity to give some tips on how to protect against cyber criminals. He recommends:

1) Close security gaps more quickly

It is alarming that almost half of all attacks today still exploit known vulnerabilities. Companies in all sectors must therefore constantly update their systems and apply all available patches immediately. Properly secured systems, effective password guidelines and ensuring compliance are crucial components of solid security. Companies should also mitigate credential risk with strict access controls such as multi-factor authentication or granular role-based access control.

2) Inventory for data

Companies must determine what data they have, where it is located, how it is classified and who is working with it. Only then can they determine whether anomalous behavior is occurring against these data sets, such as espionage, ransomware or phishing. Automation, machine learning and AI can be used to map the environment in order to determine the storage locations of the most valuable data. A policy-based approach can then be used to consider how to protect the data and restore it in the event of an attack. For example, ML and AI tools immediately recognize that data is in the wrong place and isolate it. This enables an immediate response if deviations are detected.

3) Trust no one - zero trust

Hackers are increasingly turning to targeted attacks that conventional security tools usually fail to detect. The Zero Trust model is based on the principle of "never trust, always verify". It should be implemented with effective solutions that combine data security and data governance. Companies can then determine who is accessing data and detect behavioral anomalies almost in real time. Automated data classification with predefined guidelines for regulations such as GDPR makes it easier to meet compliance and governance requirements. In addition, policy-compliant defenses can be triggered via integration with leading SOAR (Security Orchestration, Automation and Response) platforms.

4) Use immutable backups

In the past, cyber criminals only encrypted production data, which could be quickly restored using backups. Today, however, they are also increasingly destroying or encrypting backup data. This is why companies need to use next-generation data management solutions that include immutable backup snapshots. Immutability ensures that no unauthorized user or application can modify the "golden" copy of the backup. Any attempt to modify the "golden" copy will automatically result in the creation of a zero-cost clone. These architectures should also include robust encryption algorithms, erasure coding and WORM (DataLock).

5) Use security as a service

Many industrial companies are overwhelmed by the introduction of current security solutions. However, they can simply use them as a service. This applies not only to an AI/ML-based data security and governance service that automatically detects sensitive data and abnormal access and usage patterns. A copy can also be stored in secure, isolated storage managed by the provider. In the event of a ransomware attack, companies can then quickly and reliably restore a clean copy of the data to the desired location - on-premises or in the cloud.

AI-supported security

With modern data management solutions, companies can scan production data and improve their overall security situation using AI-supported functions. For example, managers are notified if backup data changes or access rates deviate from the norm. This could indicate an attack. The security solutions can also be used as a service. Companies are then optimally protected even without their own infrastructure.

With documents from IBM and Cohesity.
