Cybercriminals have invested their efforts into breaking supply chains over the past year, with the manufacturing sector now becoming a top target. 

According to IBM’s annual X-Force Threat Intelligence Index, based on security incidents and threat data gathered over 2021, businesses are now being “imprisoned” by the active exploitation of vulnerabilities and the deployment of ransomware. The tech giant’s researchers say that phishing remains the most common attack vector for cyberattacks but there has also been a 33% increase in the use of vulnerabilities against unpatched systems. In total, vulnerability exploits are considered to be responsible for 44% of the reported, known ransomware attacks included in the report.  Supply chain attacks can have severe ramifications: central service providers may be compromised to deploy poisoned software updates to their customer bases, ransomware may be executed to cause as much disruption to vendors as possible, ramping up the pressure to pay, or attacks may be triggered to deliberately wreak havoc in the real world, such as taking down utilities or core services in a target country.  CrowdStrike’s latest threat report says that ransomware attacks leading to data leaks increased from 1,474 in 2020 to 2,686 in 2021 and the most impacted sectors were technology, engineering, manufacturing, and the industrial sector.  This appears to back up IBM’s findings, which says that ransomware operators tried to “fracture” global supply chains by targeting manufacturing, bearing the brunt of 23% of overall attacks.  “Attackers wagered on the ripple effect that disruption on manufacturing organizations would cause their downstream supply chains to pressure them into paying the ransom,” IBM says. 

In total, 47% of cyberattacks against this industry were caused by the exploitation of vulnerabilities in unpatched software. Vulnerabilities disclosed in Industrial Control Systems (ICS) have risen by roughly 50% year-over-year, however, it should be noted that not all bugs are equal — and the ones that matter generally relate to interrupted network visibility, remote hijacking, or damage.  Reconnaissance is also on the rise. As an example, IBM reported a 2,204% increase in the intrusion of internet-connected SCADA Modbus Operational Technology (OT) devices during 2021. According to IBM, the pivot to manufacturing has “dethroned financial services and insurance after a long reign.” Another interesting note in the report is the signs of an increasing focus on cloud environments. Docker is becoming a more common target for threat actors and in total, there has been a 146% increase in new Linux-based ransomware code.  Charles Henderson, Head of IBM X-Force, says that 2021 trends reveal a cultural change from “chasing the money” to “chasing the leverage.” “The attack surface is only growing larger, so instead of operating under the assumption that every vulnerability in their environment has been patched, businesses should operate under an assumption of compromise, and enhance their vulnerability management with a zero-trust strategy,” Henderson commented.  Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

Image: Forward Air
Trucking and freight transportation logistics company Forward Air said a recent ransomware attack left a dent of $7.5 million in its Q4 financial results.

The sum was described as a loss of revenue from its LTL (less-than-load) trucking business and not costs incurred from dealing with the incident.
The losses stemmed “primarily because of the Company’s need to temporarily suspend its electronic data interfaces with its customers,” Forward Air said in SEC documents filed today.
The ransomware incident, which took place on December 15 last year and was identified as an attack with the Hades ransomware, forced the company to take all of its IT systems offline to deal with the intrusion.
According to a report from trucking news site Freight Waves, the incident led to huge disruptions to ForwardAir’s operations as drivers and employees couldn’t access the necessary documents to clear transports through customs.
Albeit Forward Air said it successfully recovered from the attack, today’s SEC filing and the hefty price the company had to pay for it, shows once again why most security researchers have been preaching prevention rather than a cure for the ransomware problem.
The SEC documents filed today make no mention of Forward Air paying the ransom demand or picking it through a cyber insurance policy.

A report released this week by Coveware, a company that handles ransomware payment negotiations, also mentioned that more and more companies are opting not to pay a ransom demand after learning that ransomware gangs don’t always delete any stolen data.
More and more companies are today opting to rebuild from scratch instead.
Nonetheless, despite a dip in observed payments, 2020 was ransomware’s biggest year. A report from blockchain investigations firm Chainalysis estimated that ransomware gangs made at least $350 million from ransom payments in 2020, up 311% from 2019. More

Google Follow ZDNET: Add us as a preferred source<!–> on Google. ZDNET’s key takeaways Google’s new enhanced autofill can store and fill in more types of info. You can save your driver’s license, passport number, and more. Although the data is encrypted, you’ll still want to take precautions. Filling out an online form that requests […] More

ESET has been forced to fend off a DDoS attack facilitated by a malicious news app hosted in the Google Play Store.  On Monday, ESET researcher Lukas Stefanko described how the app, named “Updates for Android,” promised users a free daily news feed. The app appeared to gather good reviews with an overall score of […] More

Two companies that provide Usenet services have disclosed security breaches today. The two companies, UseNeXT and Usenet.nl, blamed the breaches on “a security vulnerability at a partner company.” Neither UseNeXT nor Usenet.nl have named the third-party company whose software enabled the intrusion. It is unclear if this is referring to a Usenet desktop client or […] More