IBM Report: Cybercriminals Most Heavily Targeted Manufacturing in 2021

A new IBM report shows manufacturing was the most targeted industry for cyberattacks in 2021.

The annual IBM X-Force Threat Intelligence Index report unveils how ransomware and vulnerability exploitations together were able to “imprison” businesses in 2021, further burdening global supply chains.

While phishing was the most common cause of cyberattacks in general in the past year, IBM Security X-Force saw a 33% increase in attacks caused by vulnerability exploitation of unpatched software. Ransomware actors relied more on vulnerability exploitation than any other entry point to carry out their attacks in 2021. That accounted for 44% of ransomware attacks.

Manufacturing dethroned financial services and insurance as the most attacked industry. Ransomware actors attempted to “fracture” the backbone of global supply chains with attacks on manufacturing.

Forty-seven percent of attacks on manufacturing were due to vulnerabilities that victim organizations had not yet or could not patch, according to the IBM report. This highlights the need for organizations to prioritize vulnerability management.

What Makes Manufacturing a Lucrative Target

Charles DeBeck is senior cyber threat intelligence analyst with IBM Security X-Force.

IBM’s Charles DeBeck

“The increased pressure on supply chains made manufacturing a particularly potent industry from a criminal perspective, as the high uptime requirements for operations, meaning that every second operations are disrupted cost them money, makes the potential for payout even greater,” he said. “Criminals always want to target organizations that need to pay. And these circumstances made manufacturing a particularly juicy target in 2021.”

It’s clear these attacks are having an impact on the bottom line, DeBeck said. That’s because following a ransomware attack many manufacturing businesses are increasing prices either in an attempt to recover losses/cyber cost or as a result of supply shortages. And those costs are being passed on to consumers. For example, by the end of 2021, ground beef prices rose 10% following the JBS ransomware attack.

“With no shortage of payouts, ransomware continues to be a lucrative business,” he said. “There are just over $692 million in 2021 ransomware payments — nearly double the amount Chainanalysis initially identified in 2020, according to its data as of January 2022. And even though we’re seeing heightened government focus and takedowns of ransomware gangs, they are simply rebranding or rebuilding by dipping into the ransom funds they’ve amassed.”

Key IBM Report Findings

Other key highlights from the IBM report include:

• Ransomware persisted as the top attack method observed in 2021. Ransomware groups showed no sign of stopping, despite the uptick in ransomware takedowns. The average lifespan of a ransomware group before shutting down or rebranding is 17 months.
• For businesses in Europe, Asia and MEA, unpatched vulnerabilities caused about 50% of attacks in 2021.
• Cybercriminals are laying the groundwork to target cloud environments. The IBM report revealed a 146% increase in new Linux ransomware code and a shift to Docker-focused targeting. That could make it easier for more threat actors to leverage cloud environments for malicious purposes.

Among regions, Asia saw more cyberattacks than any other in the past year. Financial services and manufacturing organizations together experienced nearly 60% of attacks in Asia.

DeBeck did say the report highlights some positive developments.

“The use of stolen or compromised credentials was the third most common initial infection vector attackers relied on to infiltrate victim environments, at 9%,” he said. “The use of this method continues to drop year over year, from 29% in 2019 to 18% in 2020 and now 9% in 2021. It’s possible this downward trend is associated to the rise of multifactor authentication (MFA), and identity and access management (IAM) tools in recent years, which the pandemic has accelerated.”

Additionally, law enforcement takedowns of ransomware gangs is making it more expensive for them to operate, DeBeck said.