IT World Canada

Manufacturing was most attacked sector in Canada in 2021: IBM


Manufacturing was the top attacked industry in Canada last year, according to numbers compiled by IBM researchers.

In its annual Threat Intelligence Index, released Wednesday, the company said nearly one in three cyber attacks were against the manufacturing sector. That compares to 1 in 4 globally.

“An industry operating at a tipping point during the pandemic, attackers used the threat of ransomware to push them over the edge,” IBM said in a news release accompanying the report.

Vulnerability exploitation was the top initial attack vector in manufacturing, the report adds.

In other Canadian-specific data pulled from the numbers:

The numbers came from data gathered by IBM network and endpoint detection devices, cyber incidents IBM responded to, domain name tracking, and more.

Global threats

Globally, ransomware was again the top attack type in 2021, although the percentage of attacks IBM’s X-Force threat team remediated that were ransomware decreased nearly nine per cent compared to 2020. Law enforcement activity was probably the primary force driving down ransomware and IoT botnet attacks in 2021, the report says. But, it adds, this does not preclude a potential resurgence this year.

The suspected Iranian nation-state threat actor ITG17 (called MuddyWater by some researchers), cybercriminal group ITG23 (known as Trickbot), and Hive0109 (LemonDuck) were some of the most active threat groups X-Force intelligence analysts observed in 2021.

In general, threat groups worldwide sought to augment their prowess and infiltrate more organizations, the report notes. “Malware they used was embedded with greater defense-evasion techniques, in some cases hosted via cloud-based messaging and storage platforms to get through security controls,” the report says. “These platforms were abused to hide command and control communication in legitimate network traffic.

“Threat actors also continued to develop Linux versions of malware, to enable them to cross over to cloud environments more easily.”

Attack Statistics

Among the interesting statistics in the report:

While ransomware was the most common attack type remediated by IBM staff, what IBM calls server access attacks — where the attacker gained unauthorized access to a server, but the final end goal was unknown — was the second-most common attack type. It made up 11 per cent of all incidents the X-Force incident response team were called in for in 2021.

In many cases the threat actors were successful in deploying malware or employing penetration testing tools on a server, including China Chopper web shells, Back Orifice malware, PrintSpoofer, and Mimikatz.

In some instances, the report adds, the threat actors exploited a known vulnerability, such as CVE-2020-7961, which would allow for remote code execution on a server. In multiple cases threat actors exploited vulnerabilities in Microsoft Exchange servers to gain unauthorized access to networks of interest.

Some of the server access attacks may have been failed attempts to steal data or deploy ransomware, the report said. “It’s likely that a high number of server access attacks indicates that organizations are identifying and eradicating attacks before they progress into more damaging operations.”

Mitigation tactics

The report also advises these threat mitigation tactics to combat cyber attacks:

 
