Microsoft, Apple and Google were the top three brands criminals attempted to mimic in 2021, according to IBM’s newly released X-Force Threat Intelligence Index. The industry-leading brands were used repeatedly in phishing kits, with attackers likely seeking to capitalize on their popularity and consumers’ trust, the Index said.
Cybercriminals used the brands as a disguise to steal consumers’ information or infect their devices with malware. Of the phishing kits that X-Force analyzed, an overwhelming number targeted email/ID/password combination, while scammers and cybercriminals attempted to gain access to credit card data in the majority of instances, the Index said.
SEE: Google Chrome: Security and UI tips you need to know (TechRepublic Premium)
The other brands that made the list were BMO Harris Bank, Chase, Amazon, Dropbox, DHL, CNN, Hotmail and Facebook, IBM said.
Ransomware, phishing remain top techniques
While ransomware was the number one attack observed by X-Force last year, attacks declined slightly to 21% from 23% the previous year. REvil ransomware actors were responsible for 37% of all attacks, the report said.
Another finding was that ransomware gangs had an average lifespan of 17 months before rebranding or disbanding. REvil, one of the most successful gangs, shut down in October 2021 after 31 months, the Index said.
Meanwhile, 41% of attacks were the result of phishing for initial access, which emerged as the top pathway to compromise in 2021, the Index said.
Other key highlights from the 2022 Index include:
- Hitting consumers’ wallets–Ransomware attacks dominated manufacturing in 2021, contributing to marked-up product/services prices and burdening consumers already dealing with inflation at a near 40-year high. For example, by the end of 2021, ground beef prices rose 10% following the JBS ransomware attack and gas prices increased 10% following the Colonial Pipeline ransomware attack.
- A Rising “debt” of vulnerabilities–With a record number of disclosed vulnerabilities in 2021, X-Force saw 33% rise year over year in the number of network compromises caused by vulnerability exploitation, revealing businesses’ biggest vice: patching. Businesses in Europe, Asia and the Middle East and Africa were virtually overpowered by unpatched vulnerabilities, which caused about 50% of attacks in these regions in 2021.
- “Manu-fractured” supply chains–Manufacturing was the most attacked industry in 2021, accounting for nearly one in four attacks with ransomware persisting as the main culprit. Nearly half of attacks on manufacturing were caused by vulnerabilities.
- Early warning signs of cyber crisis in the cloud–With a 146% increase in new Linux ransomware code and a Docker-focused push expanding beyond just bots, it’s becoming easier for threat actors to utilize cloud environments for malicious purposes.
How brands and consumers can fight back
The fact that manufacturing has replaced financial services/insurance as the most targeted industry for attacks was a notable finding, said Charles DeBeck, senior cyber threat intelligence analyst at IBM Security X-Force.
“It’s only now at a time when the manufacturing industry is at a tipping point that cybercriminals predominantly shifted their sights to this sector, seeking to push it over the edge,’’ DeBeck said. “That tells us that attackers are wagering on the real-world repercussions an attack on these organizations would have–not only are they betting on the victim’s fear of financial/business loss … but they bet on supply chains’ reliance on these organizations, adding even more pressure on victims to pay.”
He added that a manufacturer loses money every second its operations are down, making the industry “a particularly juicy target for ransomware actors.”
One takeaway is that successful brands will continue to find themselves in the spotlight, and that will inevitably draw cybercriminals’ attention, DeBeck said. “We saw some of the most trusted tech brands amongst the companies scammers most commonly impersonated,’’ because they’re betting on the familiarity and positive experience that consumers have with them. That leads consumers to let their guards down and be more likely to click on a malicious URL.
“Consumers need to scrutinize links more and be more skeptical about emails and texts they receive, because the person or brand on the other end may not be who they think it is,’’ he advised.
Today’s digital acceleration combined with the adversarial trends Security X-Force is seeing become more common, makes it clear that where businesses keep their data matters, DeBeck added.
“Businesses need to become more intentional about what data remains on-premises and which migrates to cloud environments,’’ he said. “Because with modernization, when the right data is placed in the right environment, the business can have better control, oversight and security over its workloads, including who has access to it and why.”
Subscribe to the Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays