In a new report from IBM Security, we get the opportunity to see exactly what kinds of attacks are succeeding, where are they happening, how they’re getting in, and what are the results.
Ransomware has been at the forefront of most cyber news stories of late – from the recent major attacks affecting oil, meat, and other critical services, to the evolution of attacks to now include “triple extortion”. And while we can only speculate what the future of ransomware will look like, it’s imperative that every organization keep their eyes fixed on the current state of attack in order to protect and respond to attacks, should they be experienced.
In IBM Security’s latest report, the X-Force Threat Intelligence Index 2021, we get a glimpse into what the ransomware gangs have achieved, who’s most successful, and what tactics they’re using. This critical detail can provide needed insight into how to best fortify your organization’s network. According to the report:
- Ransomware attacks were #1, involved in 23% of all cyber attacks (with data theft, server access, and BEC following at a distance)
- REvil’s Sodinokibi ransomware dominated with 22% of all ransomware attacks
- 58% of attacks occurred in the U.S.
- 59% of ransomware attacks used a double extortion strategy (where data is exfiltrated and the threat to release is added to the ransom)
- An estimated 21.6TB of data was exfiltrated
- An estimated $123 million was profited by ransomware gangs in the last 12 months from these attacks
These figures echo sentiments I’ve recently been covering on this blog, making the case that ransomware is quickly becoming (if it already hasn’t) the single largest threat to businesses today.
According to IBM Security’s report, Phishing was the initial attack vector in 33% of all attacks, nearly tying with scan-and-exploit and credential theft all for first place. Because a lot of credential theft occurs via phishing attacks, it adds to the sentiment that organizations need to prop up needed protections against email-borne phishing attacks using Security Awareness Training to educate users on attacks that both seek to get the recipient victim to engage with an attachment (likely to install ransomware) or to provide login credentials as part of the process of viewing received content (used for credential theft).
The ransomware problem won’t be going away anytime soon. Whatever your current security stance, you need to make it stronger.