Ransomware ranks top attack type in Canada last year: IBM report

Ransomware ranks top attack type in Canada last year: IBM report

According to an analysis by the tech giant, ransomware was the cause of nearly 60 percent of attacks on Canadian IBM customers last year.

The figure comes from IBM's X-Force Cybercity Unit's annual Threat Intelligence Index for 2020.

The report stated that ransomware was by far the top attack type in Canada, with 57 percent of the attack types being attacked. When compared globally, only one of the four attacks seen last year was ransomware.

IB security partner Ray Boisvert says the success of the ransomware group's turn to double extortion - where attackers threaten to embarrass victims by releasing stolen data in addition to encrypting data - is a key factor.

IBM estimates that the Sodinokibi group earned US $ 123 million globally with this strategy, with about two-thirds of the victims paying ransom.

"We see a lot more targeted attacks than blanket ransomware," Boisvert said.

Other Canadian data cited in the Threat Intelligence Index for 2020

The retail (41 percent) and finance and insurance (33 percent) sectors were the top industries targeted in Canada, followed by government and transportation (8 percent each of strikes).

The percentage of attacks in the healthcare sector was 6.6, but doubled in 2019. Ransomware accounted for 28 percent of attacks on the health sector. In 20 percent of healthcare sector attacks, known Citrix vulnerabilities were exploited.

COVID-19 response efforts were often targeted. IBM says it attacked important global supply chains linked to PPE procurement efforts and vaccine cold chain distribution. "Epidemic topics remain a great opportunity" with COVID on the minds of many people in search of news.

 

The report also pointed out that the increasing number of people working from home means that the number of at-risk actors may be lower than for corporate firewalls. The quick turnaround by many organizations to cloud-based solutions opened many unsafe doors.

Boisvert says it's worth paying attention to information that invests more in malware about cybercriminals that can run on clouds. For example, malware using the Go language grew by 500 percent in the first six months of 2020, and Linux-related malware families grew by 40 percent. The report says that using open-source malware improves the profit margins of attackers.

An astonishing discovery: For the first time in years, the most successful way to reach a victimized environment was last year by phishing (35 percent), scanning and exploiting phishing (31 percent).

The number of geographies and industries is also low in the report.

Amid recommendations for better preparedness for cyber threats, the report states that CISO should:

Get in the face of threats by taking advantage of threat intelligence.

Prepare for attacks with incident response plans - and test those plans regularly.

Double check the patch management structure.

Implement multi-factor authentication to protect accounts. Add further protection with a strategy of least access privilege.

Save backup offline and restore processes.