Global supply chains are bearing the brunt of ransomware attacks, according to a new report that finds manufacturing was the most targeted industry during 2021.

Knocking financial services and insurance off the top of the heap after a long reign, the manufacturing industry was found by IBM to be the most attacked sector – accounting for 23% of reports of ransomware.

That’s one of the headlines from IBM’s X-Force Threat Intelligence Index, which claims that more ransomware attacks were experienced by manufacturers than any other industry, and that the “ripple effect” of disruption caused their “downstream supply chains to pressure them into paying the ransom.”

“Manufacturers have a low tolerance for downtime, and ransomware actors are capitalizing on operational stressors exacerbated by the pandemic,” claimed the report.

In addition, a compromised organisation might find its supply chain meddled with by a hacking gang that uses it to push out poisoned software updates to customers. Clearly when it’s not just one company that has been hit by ransomware, but hundreds of its customers as well, there is even more pressure applied to pay a ransom.

Worryingly, the report found that 47% of attacks on the manufacturing industry relied upon vulnerabilities that organisations had either failed to patch or could not patch, suggesting a weakness in prioritising vulnerability management.

According to the report, there has been a 33% rise in the number of incidents caused by vulnerability exploitation, and four out of the top five vulnerabilities exploited in 2021 were new vulnerabilities, including – in second place – the Log4j vulnerability, which was only disclosed in December.

The top infection of all, however, is one that everybody should be familiar with – phishing.

Phishing may not be a new phenomenon, or technically sophisticated, but it has proven time and (Read more...)