X-Force Threat Intelligence Index 2022

Every year, Security X-Force®, IBM’s team integrated by cybersecurity experts, publishes the X-Force Threat Intelligence Index, a statistical report about the millions of threats that contribute to mitigate your products and services portfolio against cybercrime. The results of this work – including compiled data from January to December 2021- represent the current and most urgent cybersecurity trends and the new pattern attacks.

Once again, and together with Fabio Sanchez, Cybersecurity Practice director at OCP TECH, we analyzed a phenomenon that is taking place in every country of the world: Ransomware.

To X-Force, we live in a time of chaos, where people keep struggling with the pandemic and its variants, where the way in which we work keeps changing constantly and where the world experiences geopolitical issues that create a generalized atmosphere of distrust. It is precisely during chaotic times where cybercrimes thrive.

The X-Force’s report confirms the fears that, not only CEOs, but also IT managers expressed at Allianz’s Risk Barometer last month: ransomware was the main attack used in 2021. The proportion of this modality was about 21% of its total, only 2% less than last year. The most important ransomware attacker was a Russian group named Revil (also known as Sodinokibi) that was, apparently, dismantled in January 2022. They were also responsible for 37% of all ransomware attacks (on average, these groups that use ransomware are active for 17 months).

Supply chains at risk

Another of the most important observations in the X-Force report is the increase in the attempts to violate supply chains’ security. After the executive order from Biden’s administration about cybersecurity, this was put in the forefront of every government in the world. The X-Force team revealed that the manufacturing industry was the most attacked sector in 2021 (in detriment to the financial, which had been last year), with 23,3% of every attack registered, being ransomware the main one.

Phishing is still the preferred method for ransomware, and it was used in 41% of cases regarding seizing of data in 2021. The most imitated brands by the cybercriminals were Microsoft, Apple, and Google, not because of their higher vulnerability, but because the attackers seek to capitalize its popularity and the trust that many users have on these important brands. There were also high efficiency phishing cases where deceit and phone calls were combined (also known as vishing or voice phishing).

For the first time, Asia, with 26% of the total, was the most attacked continent. Europe and North America follow with 24% and 23%, respectively.

X-Force noticed an increase in the number of organizations that have successfully implemented Multi Factor Authentication (MFA), forcing cybercriminals to search for new ways to compromise and attack networks, instead of using stolen passwords and, in that way, diminishing the effectiveness of seize and control of emails campaign. MFA may diminish the risk of different attacks, including ransomware, data theft, BEC (Business Email Compromise) and others. The use of identity and access management technologies makes it easier and faster, for IT’s team, to implement MFA on different organizations, and easier to adopt and use by the customers and users.

Although Latin America was the least affected area in 2021 (13%), it was, however, the most attacked using BEC and where MFA is less common. It is an attack through phishing, where the cybercriminal pretends to be an executive from a company and tries to make an employee or client, transfer funds or confidential information. This fraud modality has been exponentially growing in the area since 2019, when this type of attack only represented 0%, which means that the attackers will pay more attention to Latin Americans and will use newer and more creative forms of threats.

The main type of attack in Latin America in 2021 was, like everywhere else, ransomware (29%), followed by BEC (21%) and collection of credentials (21%). REvil was responsible for 50% of the total of all the attacks that took place last year.

In 2021, the manufacturing industry was the most affected sector in Latin America with (22%), followed by retail and wholesale trade (20%), finance and insurance (15%) and mining (11%). In addition, many sectors in business and energy services were affected -in a minor extent- by these attacks, especially in Brazil, Mexico, and Peru. The X-Force report notices a new interest in this type of industries, which will surely mean an upgrade on systems to prevent this modality from rising in 2022.

The execution of Multifactor authentication methods (MFA) on every entry point of a network.

Back to Trends