Incidents of ransomware in Africa/Middle East have dropped, but attackers continue to innovate

Although ransomware’s share of incidents in the Middle East and Africa held steady at 18%, defenders were more successful in detecting and preventing ransomware globally, finds the X-Force Threat Intelligence Index. EPA/RITCHIE B. TONGO


Published Mar 25, 2023


Although ransomware’s share of incidents in the Middle East and Africa (MEA) held steady at 18%, defenders were more successful in detecting and preventing ransomware globally, finds the X-Force Threat Intelligence Index.

The report by IBM Security shows that, despite this, attackers continued to innovate: globally, the average time to complete a ransomware attack dropped from two months to less than four days.

According to the 2023 report, the deployment of backdoors, which allow remote access to systems, emerged as the top action by attackers in the MEA region last year. Backdoor deployments were detected in 27% of the cases X-Force responded to in this region last year. Ransomware and worms tied for the second-most common attack type in the region at 18% each. The uptick in backdoor deployments can be partially attributed to their high market value. X-Force observed threat actors selling existing backdoor access for as much as $10,000, compared to stolen credit card data, which sells for less than $10 per card today.

Frida Kleimert Knibbs, Security Leader at IBM MEA, said that as organisations across the MEA region tried to address the ever-evolving cyber threat landscape, the role of threat intelligence was critical in safeguarding against these threats. “Proactively managing security risks and evolving cybercrime tactics is a critical priority for organisations across MEA. The X-Force Threat Intelligence Index findings demonstrate the continued threat of ransomware and the increasing use of thread hijacking tactics,” Knibbs said.

She added that to safeguard against these threats, it was imperative that companies remained vigilant and focused on effective incident response planning. “As the security landscape evolves, it is crucial to prioritise threat intelligence and strengthen defences”.

The IBM Security X-Force Threat Intelligence Index tracks new and existing trends and attack patterns, pulling from billions of data points from network and endpoint devices, incident response engagements and other sources.

Some of the key findings in the 2023 report include that the most common impact from cyberattacks last year was extortion, which was primarily achieved through ransomware or business email compromise attacks. Extortion and financial loss each accounted for half of the identified impacts in incidents across the MEA region in 2021. Manufacturing was the most extorted industry globally last year, and it was the most attacked industry for the second consecutive year. Manufacturing organisations were an attractive target for extortion, given their extremely low tolerance for downtime.

Thread hijacking saw a significant rise last year, with attackers using compromised email accounts to reply to ongoing conversations while posing as the original participant. X-Force observed that the rate of monthly attempts increased by 100% globally compared to 2021 data. Over the year, X-Force found that attackers used this tactic to deliver Emotet, Qakbot, and IcedID, malicious software that often results in ransomware infections.

The proportion of known exploits relative to vulnerabilities declined 10 percentage points globally from 2018 to last year because the number of vulnerabilities hit another all-time high. The findings indicated that legacy exploits enabled older malware infections such as WannaCry and Conficker to continue to exist and spread.

The number of cybercriminals targeting credit card information in phishing kits dropped 52% globally in one year, indicating that attackers were prioritising personally identifiable information such as names, emails, and home addresses, which could be sold for a higher price on the dark web or used to conduct further operations.

In the Middle East and Africa, finance and insurance was the most-targeted industry last year, accounting for 44% of incidents, down slightly from 48% in 2021. Professional, business and consumer services accounted for 22% of attacks, with manufacturing and energy tying for third place at 11%.

The report was said to feature data IBM collected globally in 2022 to deliver insightful information about the global threat landscape and inform the security community about the threats most relevant to their organisations.

The February 2023 Threat Report, produced by the global Trellix Advanced Research Centre (ARC), described an environment in which governments were becoming increasingly digitised while dealing with scarce resources to build a future-facing cyber security strategy.

It said the situation was similar in South Africa, where ransomware and email threats remained the most common methods of infiltrating systems. For hackers, their most prized prey is the South African Government, followed by the financial sector.

Trellix SA Country Lead Carlo Bolzonello said that with President Cyril Ramaphosa announcing that R1.5-trillion would be invested in new sectors of the economy over the next five years, such as renewable energy, green hydrogen, electric vehicle fuel cells, and more, digital systems would need to be fortified through robust and modern cybersecurity platforms to protect these investments.

The firm said that already, major private and public sector institutions were being breached more frequently over time. “While a legislative framework is a positive step, ensuring the security of our state resources and vast amounts of data on each citizen requires the appropriate online tools. The challenge for the state, as well as the corporate sector, is the limited available high-level cyber security skills, as well as the mounting cost of technology, mainly the traditional anti-malware software, especially as some tools will work in one area than another.”

BUSINESS REPORT