IBM published its tenth X-Force Threat Intelligence Index last week unveiling phishing attacks as the primary threat vector in the past year, with manufacturing emerging as the most targeted sector. IBM security analysts spotted a 33% surge in attacks caused by vulnerability exploitation of Log4Shell, a point of entry that malicious actors relied on more than any other to launch their assaults in 2021, representing the cause of 44% of ransomware attacks.
The 2022 Threat Intelligence Index was compiled from billions of data points, ranging from network and endpoint detection devices, incident response engagements, phishing kits, and domain name tracking. It was revealed that threat actors employed phishing in 41% of attacks, surging from 2020 when it was responsible for 33% of attacks. Interestingly, click rates for the average targeted phishing campaign surged nearly three-fold, from 18% to 53% when phone phishing (vishing) was also employed by malicious actors.
The X-Force report highlights the record-high number of vulnerabilities unearthed in 2021, including a vulnerability in the Kaseya monitoring software that was exploited by REvil in July, and the Log4j (or Log4Shell) vulnerability in Apache’s popular logging library.
Cybercriminals from across the globe were so quick to exploit Log4j that it occupied the number two spot on the X-Force top 10 lists of most exploited vulnerabilities in 2021, despite only being discovered in December last year. The top vulnerability was a flaw in Microsoft Exchange that allowed attackers to bypass authentication to impersonate an administrator.
Additionally in the UK, nearly 80% of users received a malicious call or text last year. To counter the threat, regulator Ofcom published new guidelines this week which will require more proactive work from operators to root out the use of spoofed numbers.
“X-Force observed actors leveraging multiple known vulnerabilities, such as CVE-2021-35464 (a Java deserialization vulnerability) and CVE-2019-19781 (a Citrix path traversal flaw), to gain initial access to networks of interest. In addition, we observed threat actors leverage zero-day vulnerabilities in major attacks like the Kaseya ransomware attack and Microsoft Exchange Server incidents to access victim networks and devices,” researchers explained.
To mitigate the risks, researchers advised organizations to update their vulnerability management system, identify security loopholes, and prioritize vulnerabilities based on the likelihood they will be abused.
