You are currently viewing Lessons Learned from 2022 Cyberattacks: X-Force Threat Intelligence Report

Lessons Learned from 2022 Cyberattacks: X-Force Threat Intelligence Report

Each year, IBM Security X-Force’s team of cybersecurity experts mine billions of data points to reveal today’s most pressing security statistics and trends. This year’s X-Force Threat Intelligence Index 2022 examines attack types, infection vectors, top threat actors, malware trends, and industry-specific insights.

This year, a new industry has taken the infamous number one spot: manufacturing. For the first time in more than five years, finance and insurance were not the most heavily attacked sectors in 2021, as the manufacturing industry slightly overtook them. Here is a breakdown of the top five targeted industries and what businesses need to know about each.

#1 Manufacturing

For the first time since 2016, manufacturing was the most attacked industry in 2021, targeted in 23.2% of attacks processed by X-Force.

Accounting for 23% of attacks, ransomware was the top attack type, exposing the high focus that ransomware actors place on manufacturing. Server access attacks came in second at 12%, which could represent some failed attack operations. Business email compromise (BEC) and data theft tied for third at 10% each.

BEC attacks often seek to take advantage of manufacturers’ relationships with suppliers, subcontractors and wholesalers. Threat actors redirect payments between partners to accounts under the control of BEC attackers. Meanwhile, data theft efforts may focus on stealing sensitive intellectual property or holding data for ransom.

#2 Finance and Insurance

Attackers hit financial and insurance companies in 22.4% of attacks remediated by X-Force in 2021. Compared to previous years, the financial sector’s attack rate has decreased. This suggests that financial companies are putting in place stricter standards. Additionally, financial services are using hybrid cloud environments, which improve data visibility and management.

Server access breaches (14%) were found to be the top type of attack against financial and insurance companies. This is followed by ransomware, misconfigurations and fraud, all reaching 10%. Meanwhile, phishing was the most common infection vector for financial services, driving 46% of attacks against this sector in 2021.

#3 Professional and business services

Professional services include IT vendors, law firms, architects, accountants and consultants. Business services include office administration, human resources, security services, travel assistance and landscaping. Professional and business services firms accounted for 12.7% of all attacks observed in 2021.

Ransomware was the top attack type for this industry, accounting for 32% of all attacks observed by X-Force. Server access attacks were the second most common attack type (19%). A decrease in ransomware attacks in the fourth quarter suggests that professional services firms are doing better at thwarting ransomware attacks. Exploitation of vulnerabilities accounted for 50% of incidents and phishing an additional 20% in this sector.

#4 Energy

The energy industry was the fourth most attacked in 2021, with 8.2% of all observed attacks. The X-Force report speculates that threat actors turned their attention away from energy entities for a brief period for fear of retaliation for the May 2021 Colonial Pipeline ransomware attack. But attack rates appear to be increasing since september.

Ransomware (25%) was the most common type of attack against energy organizations in 2021. Next came Remote Access Trojans (RATs), Direct Denial of Service, and BEC, all tied in second place (17%). Phishing was the most common attack vector, accounting for around 60% of attacks against the energy sector. Exploitation of the vulnerability accounted for the remaining 40% of incidents.

#5 Retail and wholesale

Retail and wholesale were the fifth most targeted in X-Force’s 2022 ranking. Overall, the sector faced 7.3% of all attacks. Within the sector, retail accounted for 35% and wholesale 65% of attacks. Threat actors may have focused more on wholesaler groups because of their role in supply chains.

BEC, server access, data theft, and credential harvesting were the top types of retail and wholesale attacks last year. Ransomware and banking Trojans also accounted for a large number of attacks, followed by RATs, misconfigurations and fraud. Phishing was the industry’s top infection vector, accounting for 38% of attacks. Stolen credentials were the second most common vector at 31%. Meanwhile, exploiting vulnerabilities accounted for another 23% and brute force another 8%.

Adapt and thrive

The threat landscape is constantly changing and each sector has its own challenges. Overall, ransomware continues to be the top threat across most industries. As the improvement in finance and insurance shows, efforts to strengthen digital defenses lead to concrete results against established and emerging threats.

Leave a Reply