Cybercriminals went after companies involved in Covid-19 response, IBM report finds

A computer security study by IBM finds companies and organizations involved in responding to the Covid-19 pandemic were attacked by cybercriminals twice as often during 2020 as were those in other sectors.

IBM’s experts found that cyberattacks were focused on businesses heavily involved in Covid-19 response efforts, such as hospitals, medical and pharmaceutical manufacturers, as well as energy companies that helped keep the supply chain functioning.

“In essence, the pandemic reshaped what is considered critical infrastructure today, and attackers took note. Many organizations were pushed to the front lines of response efforts for the first time, whether to support Covid-19 research, uphold vaccine and food supply chains or produce personal protective equipment,” said Nick Rossmann, global threat intelligence lead for IBM’s Security X-Force.

The IBM X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries.

The report found cybercriminals were doing more to attack computer systems using Linux software because they’ve found that malware written using Linux can more easily run on various platforms.

The report also found an increase in cybercriminals sending out materials that spoof top brands in an effort to fool more people into opening their malware. Amazon, PayPal, Adidas, YouTube and Facebook were among the brands most-often spoofed by cybercriminals.

Ransomware attacks accounted for nearly 25% of the attacks examined by IBM’s X-Force team during 2020. In ransomware, cyberattackers take over a computer system and encrypt all of the content, requiring payment of a ransom in order to unlock everything to make the computer system usable again. The ransomware group known as Sodinokibi was estimated by IBM to have taken in $123 million during 2020, with approximately two-thirds of its victims paying a ransom.

The X-Force report also found that attacks on cloud-based systems have accelerated. In addition, nearly 60% of ransomware attacks used a double extortion strategy whereby attackers encrypted, stole and then threatened to leak data if the ransom wasn’t paid.

The report revealed that 31% of the attacks involved phishing, such as where the victim is fooled into sending personal or financial information in response to emails sent by cybercriminals.

Comments are closed.