According to IBM Security, organisations in the financial and insurance sectors were the most targeted by threat actors in 2020, continuing a pattern that began around five years ago.
Last year, manufacturing and energy ranked second and third, respectively, in terms of targeted industries. According to IBM, retail and professional services rounded out the top five most targeted industries.
According to the latest edition of IBM Security’s annual X-Force Threat Intelligence Index, ransomware will be the most common attack method in 2020, with a market share of roughly 23%.
“Threat actors gained access to victim environments primarily via remote desktop protocol, password theft, or phishing—attack vectors that have been similarly used to instal ransomware in previous years,” IBM notes.
The operators of the Sodinokibi (REvil) ransomware family, which is claimed to be the most popular ransomware family in 2020, are thought to have made more than $123 million in income last year alone.
More than half of the ransomware attacks observed in 2020, according to IBM’s security researchers, used a double extortion tactic, in which data was compromised and victims were threatened with public disclosure before the ransom was paid. According to IBM, ransomware-related data leaks will account for 36% of all public breaches in 2020.
According to IBM, data theft attacks increased 160 percent in 2020 compared to 2019, but only accounted for 13 percent of all incidents. Server access was ranked third with 10% market share, up 233 percent year over year, while Business Email Compromise (BEC) was ranked fourth with 9% market share (a drop from 14 percent in 2019).
Vulnerability scanning and exploitation was the most common attack vector last year, accounting for 35% of all IBM-identified incidents. CVE-2019-19781 (Citrix ADC), CVE-2018-20062 (NoneCMS ThinkPHP), CVE-2006-1547 (Apache Struts), CVE-2012-0391 (Apache Struts), CVE-2014-6271 (GNU), CVE-2019-0708 (BlueKeep), CVE-2020-8515 (DrayTek Vigor), CVE-2020-5722 (Apache Struts), CVE-2018 (Grandstream UCM6200).
Phishing was used in 33% of attacks last year, making it the second most common infection vector. Theft of credentials, on the other hand, accounted for just 18% of assaults, a substantial decrease from the previous year (when it accounted for 29 percent of incidents).
In addition, IBM found a substantial rise in the number of recorded vulnerabilities in industrial control systems (ICS), which increased by 48% from 2019 to 468 last year.
In 2020, the majority of malicious attacks were found in Europe, North America, and Asia, with attacks against European organisations seeing an increase.
Europe accounted for 31% of all attacks, up 10% from the previous year, with ransomware being the most common threat, accounting for 21% of all attacks. North America, on the other hand, was the scene of 27 percent of attacks, down from 44 percent the previous year.