Phishing Is the Tool, Ransomware Is the Payload: IBM 2022 Threat Intelligence Index
Phishing remains the top tool for criminals targeting businesses, while ransomware has become the most popular form of cyberattack, according to the IBM Security X-Force Threat Intelligence Index 2022. The report, which catalogs attacks recorded between January and December 2021, ahead of a rise in cyber attacks related to the war in Ukraine, offers some sobering statistics for business owners and cyber security professionals.
Phishing accounted for 41% of intrusions in 2021
IBM found that phishing was the leading method of compromising security across all industries, and that it accounted for 46% of intrusions at financial institutions. Criminal organizations now offer Phishing as a Service (PhaaS) and have improved their techniques. IBM reported that phishing campaigns that included phone calls were 3 times more effective than non-call phishing campaigns, with a click rate of 53.2% among those targeted. Major technology brands, including Google, Apple and Microsoft, were frequently used to create phishing emails.
There are two concerning trends here. The first is the arrival of phishing as a service. When organized criminals start working on behalf of multiple clients, they can measure their success rates in the same way that legitimate businesses measure their marketing success. This will allow them to evolve strategies faster.
The second is the astounding 53.2% success rate for attacks that included phone calls. A little persistence from a hacker should not cause your people to fall for the phish. Robust phishing awareness training becomes even more critical in the face of this threat.
Ransomware led all attacks
Ransomware accounted for 21% of attacks IBM observed and was the most common type of attack encountered in 2021. Those attacks escalated in 2022, as Microsoft noted in its Digital Defense Report. Hackers are not simply using ransomware to extort businesses anymore; increasingly, they use it to exfiltrate data and then wipe systems clean, removing all traces of their activity.
Facing a ransomware attack is bad enough, but the new trick for state-sponsored hackers is to simply erase all your business data without ever asking for a payment. In some cases, stolen data gets put up for sale on the Dark Web, while in other cases the damage to your cyber infrastructure is the intended result. The only remedy for this is to back up your data frequently, a process that benefits from the guidance of an experienced Virtual CISO. Even if you have in-house IT support, speaking with an expert on intrusions and recovery can help you develop protocols that will prevent permanent data loss.
Manufacturers were the top target
In a shift from 2020, manufacturing became the most-targeted industry for cyber criminals observed by IBM, moving ahead of financial services and accounting for 23.2% of all attacks. Ransomware was the most common attack unleashed on manufacturers.
There are two possible reasons for cyber criminals to shift their focus to manufacturers. The first is that supply chain disruptions, which intensified in the second half of 2021, put enormous pressure on manufacturers to increase production. Criminals are usually looking for a fast, hassle-free payout. Faced with the prospect of days, if not weeks, of downtime to restore systems, manufacturers found themselves in a place where payments were the quickest way to get operations back up to speed. Don’t give in to that temptation, as hackers can and will erase your data after you make that payment, costing you both the time to restore operations and the ransom money.
Manufacturing is also a softer target than financial services. Nearly all banks and service providers have robust cyber security and regular anti-phishing training to thwart attacks. Manufacturers may not recognize the risks to their systems as readily and may not have all systems secured. Legacy software and legacy operating systems are a particular vulnerability for this sector. Remember that anything connected to the Internet is a possible path for a cyber attack.