
Asia most targeted region in 2021, taking on one in four cybersecurity attacks

Asia was the most targeted region last year, accounting for one in four cybersecurity attacks launched worldwide. Japan, Australia, and India experienced the most incidents in the region, where server access and ransomware were amongst the most popular forms of attacks.

Financial services and manufacturing organisations also bore the brunt of attacks in Asia, taking on almost 60% of such incidents, according to IBM’s annual X-Force Threat Intelligence Index. IBM Security monitors 150 billion security events daily across more than 130 countries, pulling from data sources such as network and endpoint detection devices, incident response engagements, and phishing kit tracking. 

Finance and insurance companies, in particular, took on 30% of attacks IBM was able to remediate. Manufacturing organisations bore 29% of attacks in the region, followed by professional and business services at 13% and the transport sector at 10%.

Asia took on 26% of cybersecurity attacks IBM observed globally. Japan, in particular, saw significant activities that the tech vendor attributed to the Summer Olympic Games, which were held in Tokyo last July. 

Europe and North America received 24% and 23%, respectively, of attacks launched last year, while the Middle East and Africa took on 14% and Latin America received 13%.  

In Asia, server access attacks and ransomware were the top two forms of attacks last year, accounting for 20% and 11%, respectively, of all incidents. Data theft came in third at 10%, while remote access trojans and adware each accounted for 9% of attacks. 

The high portion of server access attacks might point to Asian organisations’ ability to identify such attacks quickly before they escalated to more critical forms of attacks, IBM noted. 

It added that REvil accounted for 33% of ransomware attacks in Asia, with others such as Bitlocker, Nefilim, MedusaLocker, and Ragnar Locker also surfacing last year.

Hackers also looked to exploit vulnerabilities and tapped phishing as a way to breach businesses in Asia, with both tied as the top infection vectors contributing to 43% of attacks. Brute force was used in 7% of attacks while another 7% of hackers used stolen credentials to gain initial access to networks.  

Worldwide, IBM said there was a 33% climb in attacks brought about by vulnerability exploitation of unpatched software. This led to 44% of ransomware attacks carried out last year. 

Unpatched vulnerabilities in manufacturing companies, specifically, resulted in 47% of attacks. This vertical experienced the most attacks last year, taking on 23% of the overall global count. Financial services and insurance previously had been the most targeted industry, according to IBM. 

“Experiencing more ransomware attacks than any other industry, attackers wagered on the ripple effect that disruption on manufacturing organisations would cause their downstream supply chains to pressure them into paying the ransom,” the report noted. It stressed the need for enterprises to prioritise vulnerability management to mitigate security risks. 

Unpatched vulnerabilities led to half of attacks in Asia, Europe, and MEA last year. 

According to IBM, ransomware remained the top attack method in 2021. In addition, the average lifespan of a ransomware group before it shuttered or rebranded was estimated to be 17 months. The report pointed to REvil, which was responsible for 37% of all ransomware attacks in 2021 and had operated for four years through various rebrands. This suggested the likelihood it had resurfaced despite its takedown in an operation involving multiple governments in mid-2021.

Hackers also had their eyes on cloud environments. The amount of new Linux ransomware code climbed 146% last year, alongside a shift in target focus towards Docker containers. These activities could make it easier for more threat actors to tap cloud platforms for malicious purposes, IBM warned.


Source: Information Technologies - zdnet.com
