The IBM Security team's annual report analyses security incidents and IBM's own observations and identifies new developments. Recent years show familiar constants, but also some interesting new trends.
Phishing is the most common type of attack
97% of attacks are the work of organised cybercriminals. As expected, phishing and ransomware are prominent. The direct "social" attack on employees is the most widespread, at over 40%. For this purpose, cybercriminals most frequently misused the well-known names of Microsoft, Google or Apple. Combining a phishing email with a phone call triples the success rate of an attack. In most cases the actual purpose behind phishing attacks remains the introduction of ransomware.
Manufacturing industry as the most popular target
While the financial sector was the number one target in previous years, the focus of attacks has now shifted to the industrial sector. The reason is thought to be, on the one hand, greater sensitivity to failures in manufacturing and supply chains, and on the other hand, an expansion of the target group: cybercriminals are actively looking for new targets and adapting their tools to the different environments. New ransomware code written specifically for Linux systems increased by almost 150%. Attacks on traditional OT environments with SCADA/Modbus were up to 20 times more frequent than in the previous year. Although it is considered best practice to separate critical systems from the office network and the internet at several levels, some individual components are still directly accessible from the internet.
Botnet in search of IoT devices
IoT systems also remain a popular target for attacks. Cybercriminals try to exploit vulnerabilities and unchanged default settings on unsecured systems in an automated way. The Mozi botnet was specifically designed for this purpose, and its activity has increased almost thirty-fold since 2019. According to the IBM report, around 75% of IoT malware originates from this source. The suspected authors have probably been arrested.
Active attacks on cloud environments
Widely used virtualisation platforms such as VMware ESX and Docker are increasingly becoming the focus of attack strategies. Cybercriminals actively look for weaknesses in standard configurations and exposed management interfaces and exploit them directly. Administrators should therefore study the vendors' hardening recommendations and security guides carefully, implement them, and verify the resulting settings regularly.
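One concrete form of the "implement and verify regularly" advice is a scripted configuration check. The following is an added example, not code from the IBM report or from IKARUS: it audits a Docker daemon.json document for the classic weak setting (a TCP listener without TLS client verification, the kind of exposed interface the paragraph describes) and accepts the hardened counterpart. The two configurations and the certificate paths are constructed for the demonstration; the keys "hosts", "tlsverify", "tlscacert", "tlscert" and "tlskey" are real daemon.json options.

```python
"""Audit a Docker daemon.json document for an unauthenticated TCP listener.

Added example (not from the IBM report or IKARUS). The sample configurations
below are constructed; the daemon.json keys are the real Docker option names.
"""
import json
from typing import List


def audit_daemon_config(config_text: str) -> List[str]:
    """Return a list of findings for a daemon.json document (empty list = clean).

    Checks performed (chosen for this example):
    - a tcp:// listener configured without "tlsverify": true;
    - a tcp:// listener bound to all interfaces (0.0.0.0 or [::]);
    - "tlsverify" enabled but one of the certificate/key paths missing.
    """
    cfg = json.loads(config_text)
    findings: List[str] = []

    hosts = cfg.get("hosts", [])
    tcp_hosts = [h for h in hosts if h.startswith("tcp://")]
    tls_verify = bool(cfg.get("tlsverify", False))

    # Remote API reachable over plain TCP without client certificates.
    if tcp_hosts and not tls_verify:
        findings.append("tcp listener without tlsverify: " + ", ".join(tcp_hosts))

    # Listener bound to every interface rather than a management address.
    for host in tcp_hosts:
        addr = host[len("tcp://"):].rsplit(":", 1)[0]
        if addr in ("", "0.0.0.0", "[::]"):
            findings.append("tcp listener bound to all interfaces: " + host)

    # tlsverify only protects the socket if the CA, cert and key are configured.
    if tls_verify:
        for key in ("tlscacert", "tlscert", "tlskey"):
            if key not in cfg:
                findings.append("tlsverify enabled but %s is missing" % key)

    return findings


# Constructed sample: the weak setting (remote API open on 2375, no TLS).
WEAK_CONFIG = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'

# Constructed sample: the corrected setting (management address, TLS with client certs).
HARDENED_CONFIG = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_daemon_config(text) or ["no findings"])
```

The check reads only daemon.json; on systemd hosts the listener can also be set through `-H` flags in the unit file, so a complete audit would read that as well. Running the audit from a scheduled job turns the report's "check regularly" into a repeatable control rather than a one-off review.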
Learnings from the study
The authors of the IBM study divide their recommendations for improving cybersecurity at companies into two categories. On the one hand, those responsible are advised to minimise potential risks in the IT landscape and to implement and further extend fundamental security approaches. These include the concepts of zero trust and the strictest possible limitation of access rights (principle of least privilege), the automation of security-relevant processes and activities, and the expansion and improvement of detection of and response to possible security incidents.
On the other hand, the specific measures recommended include developing a concrete response plan for a ransomware incident, using multi-factor authentication for remote access to corporate resources, and preventing phishing attacks. The last point covers both technical security measures and user training to raise awareness and detect fake communication attempts.
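A small technical measure against the brand misuse described above (Microsoft, Google and Apple names in phishing mail) is to check whether a sender's display name or domain claims a brand that the sending domain does not belong to. The following is an added example, not from the IBM report or IKARUS: the brand-to-domain table and the sample From headers are constructed for the demonstration, and a production mail filter would combine this with SPF, DKIM and DMARC results rather than rely on it alone.

```python
"""Flag mail whose From header claims a well-known brand that the sender
domain does not belong to.

Added example (not from the IBM report or IKARUS). BRAND_DOMAINS and the
sample headers are constructed for this demonstration.
"""
from email.utils import parseaddr
from typing import Dict, List, Optional

# Constructed allow-list: brand keyword -> domains the brand legitimately sends from.
# A real deployment would maintain this list from the organisation's own data.
BRAND_DOMAINS: Dict[str, List[str]] = {
    "microsoft": ["microsoft.com", "office.com"],
    "google": ["google.com"],
    "apple": ["apple.com"],
}


def sender_domain(from_header: str) -> str:
    """Extract the lower-cased domain part of the address in a From header."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def in_domain(domain: str, allowed: str) -> bool:
    """True if domain is allowed itself or a subdomain of it."""
    return domain == allowed or domain.endswith("." + allowed)


def check_brand_impersonation(from_header: str) -> Optional[str]:
    """Return a finding string if the header claims a brand it cannot prove,
    otherwise None.

    A brand is "claimed" when its keyword appears in the display name or in
    the sender domain; the claim is accepted only if the sender domain is one
    of the brand's listed domains (or a subdomain of one).
    """
    display, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    display_l = display.lower()
    for brand, domains in BRAND_DOMAINS.items():
        claimed = brand in display_l or brand in domain
        if claimed and not any(in_domain(domain, d) for d in domains):
            return "claims %r but sender domain is %r" % (brand, domain)
    return None


# Constructed sample headers: two legitimate brand senders, one unrelated sender,
# and two impersonation attempts (brand in display name, brand in lookalike domain).
SAMPLE_FROM_HEADERS = [
    '"Microsoft Account Team" <no-reply@accountprotection.microsoft.com>',
    '"Apple ID" <appleid@apple.com>',
    '"IT Helpdesk" <helpdesk@example.org>',
    '"Microsoft Support" <support@microsoft-login.example>',
    '"Account Security" <alert@google-verify.example>',
]


def scan(headers: List[str]) -> Dict[str, Optional[str]]:
    """Run the check over a list of From headers; value is None when clean."""
    return {h: check_brand_impersonation(h) for h in headers}


if __name__ == "__main__":
    for header, finding in scan(SAMPLE_FROM_HEADERS).items():
        print("FLAG " if finding else "ok   ", header, "" if finding is None else "- " + finding)
```

The check is deliberately narrow: it only fires when a brand is named and the domain cannot vouch for it, so it produces few false positives on internal mail and is cheap enough to run on every message. Its findings are a useful input for the user-training side as well, because flagged messages are realistic material for awareness exercises.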
Industrial Cyber Security & Cybersecurity Awareness
With the optimal combination of market-leading solutions and practical industry experience, IKARUS is your trusted contact for industrial security. As a Platinum Partner of Nozomi Networks, we offer the best international technologies for industrial security and visibility with the advantages of a local partner. For maximum output, we focus on active knowledge transfer and support from our certified system engineers and security specialists – from proof of value to ongoing operation of the solution in your OT.
To actively counteract social engineering and phishing, we offer sustainable awareness campaigns, packages, training and consulting in cooperation with Secutain. Hand in hand, targeted technological security precautions and appropriately trained employees provide the optimal defence strategy for more cyber security and resilience.