Cyber attacks place COVID-19 relief efforts in jeopardy
Cyber criminals are threatening efforts to contain COVID-19, as attacks are now pivoting to institutions providing solutions to battle the deadly virus, a new report shows.
The 2021 X-Force Threat Intelligence Index by IBM Security says targets for attacks include hospitals, medical and pharmaceutical manufacturers, as well as energy companies powering the COVID-19 supply chain.
The report highlights how cyber attacks evolved in 2020 as cyber criminals sought to profit from the “unprecedented socio-economic, business and political challenges” brought on by the COVID-19 pandemic.
The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries, including South Africa, the UAE, Saudi Arabia and Turkey in the Middle East and Africa.
According to the report, cyber attacks on healthcare, manufacturing and energy doubled from the prior year, with threat actors targeting organisations that could not afford downtime due to the risks of disrupting medical efforts or critical supply chains.
“In fact, manufacturing and energy were the most attacked industries in 2020, second only to the finance and insurance sector. Contributing to this was attackers taking advantage of the nearly 50% increase in vulnerabilities in industrial control systems, which manufacturing and energy both strongly depend on,” IBM says.
In the Middle East and Africa region, it says, data theft and data leaks were by far the most common attack types, accounting for a significant 29% of attacks.
Server access, ransomware and credential theft all tied for second place, representing 14% of attacks each.
The report says attackers in the region also continued to gain access to systems through remote access Trojans and misconfiguration, while insider incidents also affected organisations across the Middle East and Africa.
“The unexpected developments of the past year led organisations to accelerate their digital transformation efforts to ensure business agility and continuity. This also meant organisations were required to invest in new technologies and processes that guarantee a more comprehensive approach to security,” says Sheldon Hand, data and AI, automation and security BU leader, IBM Southern Africa.
“Organisations’ rapidly expanding digital footprint, coupled with the adaptability and resourcefulness of cyber adversaries, only highlighted the need for security to be a core item on every business’s agenda.”
Other key highlights of the report include a 40% increase in Linux-related malware families in the past year, and a 500% increase in Go-written malware in the first six months of 2020.
The report notes attackers are accelerating a migration to Linux malware, which can more easily run on various platforms, including cloud environments.
According to the report, ransomware was the cause of nearly one in four attacks that X-Force responded to in 2020, with attacks aggressively evolving to include double extortion tactics.