Ransomware accounted for nearly 60 per cent of attacks on Canadian IBM customers last year, according to an analysis by the tech giant.
The figure comes from IBM’s X-Force cybersecurity unit’s annual Threat Intelligence Index for 2020.
The report states that ransomware was by far the top attack type in Canada, making up 57 per cent of attacks where the attack type was known. By comparison globally, only one in four attacks observed last year was ransomware.
Ray Boisvert, an IBM security partner, says the success of ransomware group’s turn to double extortion — where attackers threaten to embarrass victim companies with the release of stolen data in addition to encrypting data — is a critical factor.
IBM estimates the Sodinokibi group made US$123 million globally with this tactic, with approximately two-thirds of its victims paying a ransom.
“We see a lot more targeted attacks than blanket ransomware,” Boisvert added.
Other Canadian data cited in the Threat Intelligence Index for 2020
- The retail (41 per cent) and finance and insurance (33 per cent) sectors were the top industries targeted in Canada, followed by government and transportation (each 8 per cent of attacks).
- The healthcare sector accounted for 6.6 per cent of attacks, but that was double the amount in 2019. Ransomware accounted for 28 per cent of attacks on the healthcare sector. In 20 per cent of healthcare sector attacks, known Citrix vulnerabilities were exploited.
- COVID-19 response efforts were frequently targeted. IBM says it observed critical global supply chains associated with PPE procurement efforts and vaccine cold chain distribution being attacked. “The pandemic theme continues to be a great opportunity,” with COVID on the minds of many looking for news.
The report also highlights that the increasing number of people working from home meant threat actors could count on cyber defences being lower than those behind corporate firewalls. The quick shift by many organizations to cloud-based solutions opened several vulnerable doors.
Boisvert says it’s worth paying attention to the report’s note about cybercriminals investing more in malware that can run on clouds. For example, malware using the Go language increased by 500 per cent increase in the first six months of 2020, and Linux-related malware families grew 40 per cent. Using open-source malware improves attackers’ profit margins, the report adds.
One surprising finding: For the first time in years, the most successful way victim environments were accessed overall last year was scanning and exploiting for vulnerabilities (35 per cent), surpassing phishing (31 per cent).
The report also breaks down numbers by geographies and industries.
Among the recommendations for better preparing for cyber threats, the report says CISOs should:
- Get in front of threats by leveraging threat intelligence.
- Prepare for attacks with incident response plans — and regularly test those plans.
- Double-check the patch management structure.
- Implement multi-factor authentication to protect accounts. Add further protection with a strategy of least-access privileges.
- Save backups offline and test restore procedures.