Hackers tried to shatter the spine of global supply chains in 2021

Cybercriminals have invested their efforts into breaking supply chains over the past year, with the manufacturing sector now becoming a top target. 

According to IBM's annual X-Force Threat Intelligence Index, based on security incidents and threat data gathered over 2021, businesses are now being "imprisoned" by the active exploitation of vulnerabilities and the deployment of ransomware. 

The tech giant's researchers say that phishing remains the most common attack vector for cyberattacks but there has also been a 33% increase in the use of vulnerabilities against unpatched systems. In total, vulnerability exploits are considered to be responsible for 44% of the reported, known ransomware attacks included in the report. 

Supply chain attacks can have severe ramifications: central service providers may be compromised to deploy poisoned software updates to their customer bases, ransomware may be executed to cause as much disruption to vendors as possible, ramping up the pressure to pay, or attacks may be triggered to deliberately wreak havoc in the real world, such as taking down utilities or core services in a target country. 

CrowdStrike's latest threat report says that ransomware attacks leading to data leaks increased from 1,474 in 2020 to 2,686 in 2021 and the most impacted sectors were technology, engineering, manufacturing, and the industrial sector. 

This appears to back up IBM's findings, which says that ransomware operators tried to "fracture" global supply chains by targeting manufacturing, bearing the brunt of 23% of overall attacks. 

"Attackers wagered on the ripple effect that disruption on manufacturing organizations would cause their downstream supply chains to pressure them into paying the ransom," IBM says. 

In total, 47% of cyberattacks against this industry were caused by the exploitation of vulnerabilities in unpatched software. Vulnerabilities disclosed in Industrial Control Systems (ICS) have risen by roughly 50% year-over-year, however, it should be noted that not all bugs are equal -- and the ones that matter generally relate to interrupted network visibility, remote hijacking, or damage. 

Reconnaissance is also on the rise. As an example, IBM reported a 2,204% increase in the intrusion of internet-connected SCADA Modbus Operational Technology (OT) devices during 2021.

According to IBM, the pivot to manufacturing has "dethroned financial services and insurance after a long reign."

Another interesting note in the report is the signs of an increasing focus on cloud environments. Docker is becoming a more common target for threat actors and in total, there has been a 146% increase in new Linux-based ransomware code. 

Charles Henderson, Head of IBM X-Force, says that 2021 trends reveal a cultural change from "chasing the money" to "chasing the leverage."

"The attack surface is only growing larger, so instead of operating under the assumption that every vulnerability in their environment has been patched, businesses should operate under an assumption of compromise, and enhance their vulnerability management with a zero-trust strategy," Henderson commented. 

Previous and related coverage

• These cybercriminals plant criminal evidence on human rights defender, lawyer devices
  
• How the initial access broker market leads to ransomware attacks
  
• Squirrelwaffle, Microsoft Exchange Server vulnerabilities exploited for financial fraud
  

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0