Ransomware declined slightly in 2022 compared to 2021, according to the new IBM Security X-Force Threat Intelligence Index, and while that’s good news, there’s even better news. The new report suggests defenders were more successful in their efforts to detect and prevent ransomware in 2022. While it’s true that cyber criminals will continue to become more innovative in their efforts to sabotage and hijack, if defenders can continue on this path of improved detection and prevention, it’ll make the bad guys’ jobs way harder.
In order to improve, it’s helpful to take a look at what went wrong in the realm of cybersecurity in the previous year. IBM’s 2023 report suggests extortion made the most impact in terms of cyberattacks in 2022, and threat actors pursued extortion through tactics like ransomware, DDoS (distributed denial of service), and business email compromise attacks. More than a quarter (27%) of attacks last year were extortion related, and 30% of those extortion attacks targeted manufacturing. Europe was a huge target in 2022, most likely due to geopolitical tensions, with 44% of extortion efforts aimed at that region.
Compared to 2021, ransomware incidents went down by 4% in 2022, IBM says. But it’s clear threat actors were doing everything they could to wreak havoc. For instance, the report suggests the time it took cyber criminals to execute a ransomware attack in 2022 was just 3.85 days. This represents a 94% decline in deployment time compared to just a few years ago. For reference, IBM says in 2019, it took 60+ days for an attack to get up and running, and in 2020, deployment time was 9.5 days.
Phishing was the leading infection vector in 2022, and it was present in 41% of cybersecurity incidents. Interestingly, 16% of attacks leveraged valid accounts for phishing, proving individuals and businesses can never let their guard down by continuing to educate and train employees to recognize and flag phishing attempts. In fact, IBM reports a concerning rise in thread hijacking, a technique in which a threat actor butts into a conversation between two legitimate participants while pretending to be one of the participants. X-Force saw the use of this technique double in 2022 compared to 2021.
Another key cybersecurity trend in 2022 was backdoor deployments, with criminals selling backdoor access for up to $10,000, reports IBM. Promisingly, though, the 2023 X-Force report also says 67% of backdoor attempts in 2022 failed before the ransomware could be deployed, thanks to defenders’ diligence.
Diligence should be the word of the year for 2023, since it is the key to maintaining the positive trends like a slight decline in ransomware attacks and defenders’ success in blocking a majority of backdoor access attempts. In manufacturing particularly, since so many efforts target this sector, diligence will be of the utmost importance to keep 2023 from being a headliner year in cybersecurity for all the wrong reasons.
Want to tweet about this article? Use hashtags #IoT #sustainability #AI #5G #cloud #edge #digitaltransformation #machinelearning #cybersecurity #IBM #IBMSecurity #manufacturing #ransomware #cyberattacks #phishing #security #extortion #DDoS