Windy Haven USA Inc.

Other Findings: Asia Pacific Now Most Attacked Region; Average Lifespan of Ransomware Groups is 17 Months; Vishing Triples Phishing Click Rate

CAMBRIDGE, Mass., Feb. 23, 2022 — IBM Security today released its annual X-Force Threat Intelligence Index unveiling how ransomware and vulnerability exploitations together were able to “imprison” businesses in 2021 further burdening global supply chains, with manufacturing emerging as the most targeted industry. While phishing was the most common cause of cyberattacks in general in the past year, IBM Security X-Force observed a 33% increase in attacks caused by vulnerability exploitation of unpatched software, a point of entry that ransomware actors relied on more than any other to carry out their attacks in 2021, representing the cause of 44% of ransomware attacks.

The 2022 report details how in 2021 ransomware actors attempted to “fracture” the backbone of global supply chains with attacks on manufacturing, which became 2021’s most attacked industry (23%), dethroning financial services and insurance after a long reign. Experiencing more ransomware attacks than any other industry, attackers wagered on the ripple effect that disruption on manufacturing organizations would cause their downstream supply chains to pressure them into paying the ransom. An alarming 47% of attacks on manufacturing were caused due to vulnerabilities that victim organizations had not yet or could not patch, highlighting the need for organizations to prioritize vulnerability management.

The 2022 IBM Security X-Force Threat Intelligence Index maps new trends and attack patterns IBM Security observed and analyzed from its data – drawing from billions of datapoints ranging from network and endpoint detection devices, incident response engagements, phishing kit tracking and more –­ including data provided by Intezer.

Some of the top highlights in this year’s report include:

• Ransomware Gangs Defy Takedowns. Ransomware persisted as the top attack method observed in 2021, with ransomware groups showing no sign of stopping, despite the uptick in ransomware takedowns. According to the 2022 report, the average lifespan of a ransomware group before shutting down or rebranding is 17 months.
• Vulnerabilities Expose Businesses’ Biggest “Vice”. X-Force reveals that for businesses in Europe, Asia and MEA, unpatched vulnerabilities caused approximately 50% of attacks in 2021, exposing businesses’ biggest struggle– patching vulnerabilities.
• Early Warning Signs of Cyber Crisis in the Cloud. Cybercriminals are laying the groundwork to target cloud environments, with the 2022 report revealing a 146% increase in new Linux ransomware code and a shift to Docker-focused targeting, potentially making it easier for more threat actors to leverage cloud environments for malicious purposes.

“Cybercriminals usually chase the money. Now with ransomware they are chasing leverage,” said Charles Henderson, Head of IBM X-Force. “Businesses should recognize that vulnerabilities are holding them in a deadlock – as ransomware actors use that to their advantage. This is a non-binary challenge. The attack surface is only growing larger, so instead of operating under the assumption that every vulnerability in their environment has been patched, businesses should operate under an assumption of compromise, and enhance their vulnerability management with a zero trust strategy.”

The “Nine Lives” of Ransomware Groups
Responding to the recent acceleration of ransomware takedowns by law enforcement, ransomware groups may be activating their own disaster recovery plans. X-Force’s analysis reveals that the average lifespan of a ransomware group before shutting down or rebranding is 17 months. For example, REvil which was responsible for 37% of all ransomware attacks in 2021, persisted for four years through rebranding, suggesting the likelihood it resurfaces again despite its takedown by a multi-government operation in mid 2021.

While law enforcement takedowns can slow down ransomware attackers, they are also burdening them with the expenses required to fund their rebranding or rebuild their infrastructure. As the playing field changes, it’s important that organizations modernize their infrastructure to place their data in an environment that can help safeguard it – whether that be on-premises or in clouds. This can help businesses manage, control, and protect their workloads, and remove threat actors’ leverage in the event of a compromise by making it harder to access critical data in hybrid cloud environments.

Vulnerabilities Become an Existential Crisis for Some
The X-Force report highlights the record high number of vulnerabilities disclosed in 2021, with vulnerabilities in Industrial Control Systems rising by 50% year-over-year. Although more than 146,000 vulnerabilities have been disclosed in the past decade, it’s only been in recent years that organizations accelerated their digital journey, largely driven by the pandemic, suggesting that the vulnerability management challenge has yet to reach its peak.

At the same time, vulnerability exploitation as an attack method is growing more popular. X-Force observed a 33% increase since the previous year, with the two most exploited vulnerabilities observed in 2021 found in widely used enterprise applications (Microsoft Exchange, Apache Log4J Library). Enterprises’ challenge to manage vulnerabilities may continue to exacerbate as digital infrastructures expand and businesses can grow overwhelmed with audit and upkeep requirements, highlighting the importance of operating on the assumption of compromise and applying a zero trust strategy to help protect their architecture.

Attackers Target Common Grounds Amongst Clouds
In 2021, X-Force observed more attackers shifting their targeting to containers like Docker – by far the most dominant container runtime engine according to RedHat. Attackers recognize that containers are common grounds amongst organizations so they are doubling down on ways to maximize their ROI with malware that can cross platforms and can be used as a jumping off point to other components of their victims’ infrastructure.

The 2022 report also sounds caution on threat actors’ continued investment into unique, previously unobserved, Linux malware, with data provided by Intezer revealing a 146% increase in Linux ransomware that has new code. As attackers remain steady in their pursuit of ways to scale operations through cloud environments, businesses must focus on extending visibility into their hybrid infrastructure. Hybrid cloud environments that are built on interoperability and open standards can help organizations detect blind spots and accelerate and automate security responses.

Additional findings from the 2022 report include:

• Asia Leads Attacks – Experiencing over 1 in 4 attacks that IBM observed globally in 2021, Asia saw more cyberattacks than any other region in the past year. Financial services and manufacturing organizations together experienced nearly 60% of attacks in Asia.
• First Time Caller, Long Time Phisher – Phishing was the most common cause of cyberattacks in 2021. In X-Force Red’s penetration tests, the click rate in its phishing campaigns tripled when combined with phone calls.

The report features data IBM collected globally in 2021 to deliver insightful information about the global threat landscape and inform security professionals about the threats most relevant to their organizations. You can download a copy of the 2022 IBM Security X-Force Threat Intelligence Index here.

Additional Sources

• Sign up for the 2022 IBM Security X-Force Threat Intelligence Index webinar on Thursday, March 3, 2022, at 11:00 a.m. ET here.
• Read a blog post from the report authors to learn more about three of the report’s top findings, on the IBM Security Intelligence blog.

Other Findings: Asia Pacific Now Most Attacked Region; Average Lifespan of Ransomware Groups is 17 Months; Vishing Triples Phishing Click Rate

CAMBRIDGE, Mass., Feb. 23, 2022 — IBM Security today released its annual X-Force Threat Intelligence Index unveiling how ransomware and vulnerability exploitations together were able to “imprison” businesses in 2021 further burdening global supply chains, with manufacturing emerging as the most targeted industry. While phishing was the most common cause of cyberattacks in general in the past year, IBM Security X-Force observed a 33% increase in attacks caused by vulnerability exploitation of unpatched software, a point of entry that ransomware actors relied on more than any other to carry out their attacks in 2021, representing the cause of 44% of ransomware attacks.

The 2022 report details how in 2021 ransomware actors attempted to “fracture” the backbone of global supply chains with attacks on manufacturing, which became 2021’s most attacked industry (23%), dethroning financial services and insurance after a long reign. Experiencing more ransomware attacks than any other industry, attackers wagered on the ripple effect that disruption on manufacturing organizations would cause their downstream supply chains to pressure them into paying the ransom. An alarming 47% of attacks on manufacturing were caused due to vulnerabilities that victim organizations had not yet or could not patch, highlighting the need for organizations to prioritize vulnerability management.

The 2022 IBM Security X-Force Threat Intelligence Index maps new trends and attack patterns IBM Security observed and analyzed from its data – drawing from billions of datapoints ranging from network and endpoint detection devices, incident response engagements, phishing kit tracking and more –­ including data provided by Intezer.

Some of the top highlights in this year’s report include:

• Ransomware Gangs Defy Takedowns. Ransomware persisted as the top attack method observed in 2021, with ransomware groups showing no sign of stopping, despite the uptick in ransomware takedowns. According to the 2022 report, the average lifespan of a ransomware group before shutting down or rebranding is 17 months.
• Vulnerabilities Expose Businesses’ Biggest “Vice”. X-Force reveals that for businesses in Europe, Asia and MEA, unpatched vulnerabilities caused approximately 50% of attacks in 2021, exposing businesses’ biggest struggle– patching vulnerabilities.
• Early Warning Signs of Cyber Crisis in the Cloud. Cybercriminals are laying the groundwork to target cloud environments, with the 2022 report revealing a 146% increase in new Linux ransomware code and a shift to Docker-focused targeting, potentially making it easier for more threat actors to leverage cloud environments for malicious purposes.

“Cybercriminals usually chase the money. Now with ransomware they are chasing leverage,” said Charles Henderson, Head of IBM X-Force. “Businesses should recognize that vulnerabilities are holding them in a deadlock – as ransomware actors use that to their advantage. This is a non-binary challenge. The attack surface is only growing larger, so instead of operating under the assumption that every vulnerability in their environment has been patched, businesses should operate under an assumption of compromise, and enhance their vulnerability management with a zero trust strategy.”

The “Nine Lives” of Ransomware Groups
Responding to the recent acceleration of ransomware takedowns by law enforcement, ransomware groups may be activating their own disaster recovery plans. X-Force’s analysis reveals that the average lifespan of a ransomware group before shutting down or rebranding is 17 months. For example, REvil which was responsible for 37% of all ransomware attacks in 2021, persisted for four years through rebranding, suggesting the likelihood it resurfaces again despite its takedown by a multi-government operation in mid 2021.

While law enforcement takedowns can slow down ransomware attackers, they are also burdening them with the expenses required to fund their rebranding or rebuild their infrastructure. As the playing field changes, it’s important that organizations modernize their infrastructure to place their data in an environment that can help safeguard it – whether that be on-premises or in clouds. This can help businesses manage, control, and protect their workloads, and remove threat actors’ leverage in the event of a compromise by making it harder to access critical data in hybrid cloud environments.

Vulnerabilities Become an Existential Crisis for Some
The X-Force report highlights the record high number of vulnerabilities disclosed in 2021, with vulnerabilities in Industrial Control Systems rising by 50% year-over-year. Although more than 146,000 vulnerabilities have been disclosed in the past decade, it’s only been in recent years that organizations accelerated their digital journey, largely driven by the pandemic, suggesting that the vulnerability management challenge has yet to reach its peak.

At the same time, vulnerability exploitation as an attack method is growing more popular. X-Force observed a 33% increase since the previous year, with the two most exploited vulnerabilities observed in 2021 found in widely used enterprise applications (Microsoft Exchange, Apache Log4J Library). Enterprises’ challenge to manage vulnerabilities may continue to exacerbate as digital infrastructures expand and businesses can grow overwhelmed with audit and upkeep requirements, highlighting the importance of operating on the assumption of compromise and applying a zero trust strategy to help protect their architecture.

Attackers Target Common Grounds Amongst Clouds
In 2021, X-Force observed more attackers shifting their targeting to containers like Docker – by far the most dominant container runtime engine according to RedHat. Attackers recognize that containers are common grounds amongst organizations so they are doubling down on ways to maximize their ROI with malware that can cross platforms and can be used as a jumping off point to other components of their victims’ infrastructure.

The 2022 report also sounds caution on threat actors’ continued investment into unique, previously unobserved, Linux malware, with data provided by Intezer revealing a 146% increase in Linux ransomware that has new code. As attackers remain steady in their pursuit of ways to scale operations through cloud environments, businesses must focus on extending visibility into their hybrid infrastructure. Hybrid cloud environments that are built on interoperability and open standards can help organizations detect blind spots and accelerate and automate security responses.

Additional findings from the 2022 report include:

• Asia Leads Attacks – Experiencing over 1 in 4 attacks that IBM observed globally in 2021, Asia saw more cyberattacks than any other region in the past year. Financial services and manufacturing organizations together experienced nearly 60% of attacks in Asia.
• First Time Caller, Long Time Phisher – Phishing was the most common cause of cyberattacks in 2021. In X-Force Red’s penetration tests, the click rate in its phishing campaigns tripled when combined with phone calls.

The report features data IBM collected globally in 2021 to deliver insightful information about the global threat landscape and inform security professionals about the threats most relevant to their organizations. You can download a copy of the 2022 IBM Security X-Force Threat Intelligence Index here.

Additional Sources

• Sign up for the 2022 IBM Security X-Force Threat Intelligence Index webinar on Thursday, March 3, 2022, at 11:00 a.m. ET here.
• Read a blog post from the report authors to learn more about three of the report’s top findings, on the IBM Security Intelligence blog.

Designed to provide consistent, quick responses to frequently asked customer questions

MARKHAM, ON, Feb. 9, 2022 — Investors looking to diversify their portfolios and coin collectors looking to add a new treasure to their collection are familiar with the benefits and value that precious metals can offer. To help make the purchasing process easier, IBM worked with TD Securities to launch an AI-based virtual assistant powered by IBM Watson Assistant that can help customers with inquiries on the TD Precious Metals digital store, including frequently asked questions.

The TD Precious Metals digital store allows customers to buy physical gold, silver and platinum bullion and coins online from the comfort of their home. The new virtual assistant, now available as a feature on the TD Precious Metals digital store, provides customers with a convenient self-service option, available 24/7, for frequently asked questions about TD Precious Metals. Customers type their questions into the virtual assistant and receive an instant written response, along with links to help further assist them.

“We know our customers are looking for an enhanced digital experience and the new virtual assistant will provide quick responses to help customers feel confident in their purchasing decisions,” says James Wolanski, Managing Director, Head of Retail & Wealth Distribution & Product Innovation, TD Securities. “Our TD Precious Metals Support Desk will remain available for any inquiry that may require additional support or a human touch.”

“With rapid acceleration of digital transformation, businesses need to enhance their services using AI-powered intelligent workflows. The use of AI to automate tasks can drive greater efficiency and strengthen customer relationships,” said Daniel Cascone, Financial Services Sector Leader for IBM Canada. “We are working with TD Securities to enrich overall customer experience with the power of innovative technology like conversational AI through the IBM Watson-powered AI virtual assistant.”

The new AI-powered virtual assistant can help customers with questions related to pricing, delivery options, and shipping, such as:

• How is pricing determined?
• Is there a minimum or maximum product count or dollar value when making a purchase?
• What delivery options does TD offer?
• How will my items be shipped?

TD digital and technology teams have worked closely with commerce and system integration experts from IBM Consulting to develop and fully integrate the virtual assistant into the TD Precious Metals digital store via the IBM Garage Methodology, a collaborative approach to fast-track innovation and drive meaningful, lasting transformation. Future iterations of the virtual assistant are planned to further improve the customer experience by incorporating additional enhancements and functionalities.

Nearly half of businesses (43%) surveyed accelerated their rollout of AI over the last year, according to IBM’s 2021 Global AI Adoption Index, as organizations looked to virtual assistants to manage swelling call volumes and other similar pathways to automation. According to the same Index, 80% of companies surveyed said they had plans to roll out some form of automation software over the next 12 months.

IBM was positioned as a Leader in the newly published 2022 Gartner® Magic Quadrant^TM for Enterprise Conversational AI Platforms for its IBM Watson Assistant. IBM Watson Assistant uses AI designed to understand customers in context to provide fast, consistent, and accurate answers across applications, devices, or channels. IBM Watson Assistant has been deployed by clients around the world and across a range of industries to deliver powerful customer care experiences such as responding to time sensitive COVID-19 inquiries, helping citizens get more information on voting procedures, helping insurers provide more personalized services, and more.