2020 saw a boom in cyberattacks with cybercriminals taking advantage of the coronavirus pandemic and lockdown to stage ransomware campaigns, deploy malware, exploit vulnerabilities and commit data breaches. Though we’re now in a new year, bad actors are not only likely to deliver more of the same but find new ways to carry out their attacks.
SEE: Incident response policy (TechRepublic Premium)
In a report released Wednesday, security arm IBM X-Force describes some of the latest threats that have surfaced and offers advice on how to protect your organization against them.
In 2020, cybercriminals shifted their attacks to organizations that played an integral role in COVID-19 response efforts. These included hospitals, medical and pharmaceutical manufacturers, and energy companies managing the COVID-19 supply chain. As these sectors could not afford any extended downtime, cyberattacks against them doubled from 2019, according to the report.
Manufacturing and energy were the most attacked industries in 2020, second only to the finance and insurance sector. As part of this scenario, exploits against vulnerabilities in industrial control systems (ICS) spiked by almost 50%.
“In essence, the pandemic reshaped what is considered critical infrastructure today, and attackers took note,” Nick Rossmann, global threat intelligence lead for IBM Security X-Force, said in a press release. “Many organizations were pushed to the front lines of response efforts for the first time–whether to support COVID-19 research, uphold vaccine and food supply chains, or produce personal protective equipment. Attackers’ victimology shifted as the COVID-19 timeline of events unfolded, indicating yet again, the adaptability, resourcefulness, and persistence of cyber adversaries.”
Among the greater volume of ransomware attacks that occurred in 2020, almost 60% seen by X-Force used a double-extortion strategy in which attackers not only encrypted sensitive data but threatened to release it publicly unless the ransom was paid. Further, 36% of the data breaches observed last year were from ransomware attacks that also involved alleged data theft, indicating that data breaches and ransomware attacks are beginning to collide.
Due in part to these new tactics, ransomware gangs enjoyed a profitable year. The most successful ransomware groups in 2020 not only stole and leaked data but created ransomware-as-a-service cartels by outsourcing areas of their operations to specialized cybercriminals. As one example, the infamous Sodinokibi ransomware group conservatively took in more than $123 million in the past year as around two-thirds of its victims ended up paying the ransom, according to X-Force.
To protect your organization against the potential security threats you may face this year, IBM X-Force offers the following tips:
- Limit access to sensitive data and protect highly privileged accounts with privileged access management (PAM) and identity and access management (IAM).
- Get in front of the threat rather than react to it. Leverage your threat intelligence to better understand the motivations and tactics of attackers and prioritize your security resources accordingly.
- Double-check your organization’s patch management process. Cybercriminals scanning for and exploiting vulnerabilities was one of the most common methods of infection last year. As such, you need to ensure that your patch management process can find and stop automated exploitation attempts quickly and effectively.
- Build and train an incident response team within your organization. If that’s not possible, use an external incident response capability for prompt response to high-impact incidents.
- Implement multifactor authentication (MFA). Adding this extra layer of protection to accounts continues to be one of the most efficient security priorities for organizations.
- Preparation is a key way to respond to ransomware. Establish a ransomware attack plan that addresses blended threats and data theft extortion techniques. Regularly rehearse this plan to make sure your organization can respond in a critical moment.
- Protect against insider threats. Use data loss prevention (DLP) solutions, training and monitoring to prevent inadvertent or malicious insiders from breaching your organization.
- Stress test your organization’s incident response plan to develop muscle memory. Tabletop exercises or cyber range experiences can provide your team with critical experience to improve reaction time, reduce downtime and ultimately save money in the case of a breach.
- Make sure you have backups, test backups, and offline backups. Ensure not only the presence of such backups but their effectiveness, and employ real-world testing to confirm their reliability.