IBM’s annual security report on cyber threats found that supply chains were particularly targeted by digital attacks in 2021. However, an already emerging trend suggests that this focus will increasingly shift to the manufacturing sector in the future.
IBM’s threat index: risks from the web
Every year, the American software company IBM and a team of security experts examine the current threats from the digital space. For their annual X-Force threat analysis, data from attacks that have actually taken place are evaluated. From the information thus obtained, recommendations for action are derived to help users arm themselves against future attacks.
Supply chain attacks for maximum damage
According to IBM experts, the particularly massive attacks on distribution channels in 2021 can be explained primarily by their intended knock-on effects. Attackers assumed that the more destructive they could make their attacks on supply chains, the more upstream and downstream sectors of the economy would be affected.
In their own interests, these would then increase the pressure on the original victims to such an extent that they would have little choice but to pay the demanded ransom sums. This fate now also seems to be awaiting many companies especially from the industrial, technology, engineering and manufacturing sectors.
Ransomware against businesses
A trend that has been observed for some time is that of companies increasingly being attacked by ransomware. Originally, it was only a matter of finding backdoors or building some in oneself, with which networks could be infiltrated for data theft or bot integrations. Now the focus of attackers is increasingly shifting to locking business operators out of their own operating structures.
Data release only after ransom payment
Vulnerabilities in systems or careless employees are used to infiltrate malware that either encrypts everything or very sensitive areas and only releases them again after payment of a ransom. The IBM index found that phishing attacks still make up the bulk of attack scenarios. At the same time, however, the proportion of ransomware deployments against inadequately secured networks has increased by 33 percent. Exploitation of vulnerabilities that are already known but have not yet been closed even accounted for a share of 44 percent.
Zero Trust strategy against growing threats
IBM notes an increasing cultural change in digital attacks in the face of the rapidly growing threat situation from the network. While attackers used to be more interested in making a quick buck, this is now changing dramatically. The attacks are getting bigger and more destructive. Increasingly, they are aimed at getting at key points of critical systems that give the intruders much more control than ever before.
To counter this disturbing trend, IBM believes the only way forward is a zero trust strategy. Many of the systems that enterprises work with today have an increasing number of leaks. Some of these have been widely known for years, but are often inadequately fixed. Others are known to a few who either use them themselves or sell them for profit to third parties.
Still others are still undiscovered and pop up whenever they are used as gateways. Therefore, the only thing network operators can really do today is to no longer trust any software, technology or user group. Everything should be regarded as potentially compromised and treated accordingly in everyday life.