Organizations in the financial and insurance sectors were the most targeted by threat actors in 2020, continuing a trend that was first observed roughly five years ago, IBM Security reports.
Manufacturing and energy became the second and third most targeted industries last year, respectively. Retail and professional services rounded out the top five most targeted sectors, IBM says.
In the latest installment of their annual X-Force Threat Intelligence Index, IBM Security also reveals that ransomware was the most popular attack method in 2020, with a share of roughly 23%.
“Threat actors carried out ransomware attacks predominantly by gaining access to victim environments via remote desktop protocol, credential theft, or phishing—attack vectors that have been similarly exploited to install ransomware in prior years,” IBM explains.
The operators behind Sodinokibi (REvil), which is said to have been the most prevalent ransomware family in 2020, are believed to have made in excess of $123 million in profits last year alone.
IBM’s security researchers also note that more than half of the ransomware attacks observed in 2020 used a double extortion strategy, where, in addition to files being encrypted, data was stolen and victims threatened with public exposure unless the ransom was paid. IBM estimates that 36% of the public breaches in 2020 were ransomware-related data leaks.
Data theft attacks, IBM says, went up 160% compared to 2019, but accounted for only 13% of the overall incidents in 2020. Server access came in third at 10%, marking a 233% increase year-over-year, while Business Email Compromise (BEC) dropped to fourth position with a 9% share (down from 14% in 2019).
Last year, vulnerability scanning and exploitation was the top attack vector, being employed in 35% of all incidents that IBM observed. The top ten most targeted flaws were CVE-2019-19781 (Citrix ADC), CVE-2018-20062 (NoneCMS ThinkPHP), CVE-2006-1547 (Apache Struts), CVE-2012-0391 (Apache Struts), CVE-2014-6271 (GNU), CVE-2019-0708 (BlueKeep), CVE-2020-8515 (DrayTek Vigor), CVE-2018-13382 and CVE-2018-13379 (Fortinet FortiOS), CVE-2018-11776 (Apache Struts), and CVE-2020-5722 (Grandstream UCM6200).
Last year, phishing was employed in 33% of attacks, being the second most commonly used infection vector. Credential theft, on the other hand, only accounted for 18% of attacks, dropping significantly from the previous year (when it accounted for 29% of incidents).
IBM also noticed a significant increase in the number of reported vulnerabilities in industrial control systems (ICS), which reached 468 last year, up 49% from 2019.
Most of the malicious attacks observed in 2020 hit Europe, North America, and Asia, with attacks targeting European organizations registering a spike.
Europe accounted for 31% of the observed attacks, up 10 percentage points from 2019, with ransomware being the most common threat, at 21% of all attacks. North America, on the other hand, was hit by 27% of assaults, a significant drop from the 44% of incidents it accounted for the previous year.