IBM (NYSE: IBM) Global Security released its annual X-Force Threat Intelligence Index today, revealing how ransomware and vulnerability exploitation together "imprisoned" businesses in 2021, further increasing the burden on global supply chains and making manufacturing the most targeted industry. Although phishing was the most common cause of cyber attacks last year, IBM Security X-Force observed a 33% increase in attacks caused by exploiting unpatched software vulnerabilities. Ransomware actors relied on this entry point more than any other in 2021; it accounted for 44% of ransomware attacks.
The 2022 report details how ransomware actors in 2021 attempted to "disrupt" the backbone of the global supply chain by attacking manufacturing, making it the most attacked industry in 2021 (23%) and displacing financial services and insurance, which had long been the most attacked. Manufacturers were hit by more ransomware attacks than other industries because attackers bet that disrupting manufacturing organizations would cause ripple effects in their downstream supply chains, forcing them to pay the ransom. Surprisingly, 47% of attacks targeting the manufacturing industry were caused by vulnerabilities that victim organizations had not yet patched or could not patch, highlighting the need for organizations to prioritize vulnerability management.
The 2022 IBM Security X-Force Threat Intelligence Index describes new trends and attack patterns that IBM Security observed and analyzed from its data, which is drawn from billions of data points such as network and endpoint detection devices, incident response activities, and phishing tool tracking, and includes data provided by Intezer.
Some highlights of this year’s report include:
Ransomware gangs are not afraid to strike. Ransomware remained the most common form of attack observed in 2021, and despite the increasing crackdown on ransomware, there is no sign of the gangs stopping. According to the 2022 report, the average lifespan of a ransomware gang before shutting down or rebranding is 17 months.
Vulnerabilities expose enterprises' biggest "bad habit". X-Force shows that for companies in Europe, Asia, and the Middle East, unpatched vulnerabilities caused about 50% of attacks in 2021, exposing their biggest struggle: patching vulnerabilities.
Early warning signs of a cloud-based cyber crisis. Cybercriminals are preparing to target cloud environments. The 2022 report shows a 146% increase in new Linux ransomware code and a shift toward targeting Docker, which may make it easier for more threat actors to exploit cloud environments for malicious purposes.
IBM X-Force Manager Charles Henderson stated: "Cybercriminals are usually pursuing money, and with ransomware, they begin to pursue leverage. Companies should recognize that vulnerabilities are putting them in a stalemate: ransomware attackers will exploit these vulnerabilities for huge profits. This is a daunting challenge, and the scope of attack will only grow. Therefore, companies should not assume that every vulnerability in their operating environment has been patched, but rather assume that there is a loophole, operate in that environment, and strengthen their vulnerability management through a zero trust strategy."
The Nine Lives of Ransomware Gangs
In response to the recent accelerated crackdown on ransomware by law enforcement agencies, ransomware gangs may be activating their own disaster recovery plans. X-Force's analysis shows that the average lifespan of a ransomware group before shutting down or rebranding is 17 months. For example, REvil, which accounted for 37% of all ransomware attacks in 2021, survived for four years by changing its name, indicating that it may reappear despite being taken down by a joint operation of multiple governments in mid-2021.
Although the crackdown by law enforcement agencies can slow ransomware attackers down, the rebranding or infrastructure rebuilding that follows also carries a cost burden. As the environment changes, enterprises must modernize their infrastructure and place their data in a protected environment, whether on premises or in the cloud. This can help businesses manage, control, and protect their workloads, and remove threat actors' leverage in the event of a compromise by making critical data in hybrid cloud environments harder to access.