-         Finance and Insurance Most-Targeted Industry in MEA; Email Thread Hijacking Attempts Spike; Time to Ransom Moves from Months to Days

By : Basel Khaled

IBM Security released its annual X-Force Threat Intelligence Index finding that although ransomware’s share of incidents in the Middle East and Africa (MEA) held steady at 18%, globally defenders were more successful detecting and preventing ransomware.

Despite this, attackers continued to innovate, with the report showing that globally the average time to complete a ransomware attack dropped from two months down to less than 4 days. 

According to the 2023 report, the deployment of backdoors, which allow remote access to systems, emerged as the top action by attackers in the MEA region last year.

Backdoor deployments were detected in 27% of the cases X-Force responded to in this region in 2022.

Ransomware and worms tied for the second-most common attack type in the region at 18% each. The uptick in backdoor deployments can be partially attributed to their high market value. X-Force observed threat actors selling existing backdoor access for as much as $10,000, compare this to stolen credit card data, which sells for less than $10 per card today.

As organizations across the MEA region try to address the ever-evolving cyber threats landscape, Marwa Abbas, General Manager at IBM Egypt, added: “Our X-Force Threat Intelligence Index findings showed that attackers always find new ways to evade detection, with finance and insurance being the most targeted industry for cyberattacks in the Middle East and Africa region. As such, it is essential for enterprises to prioritize threat intelligence and strengthen defenses through a proactive security strategy in order to break free from cyber threats. IBM’s integrated portfolio of security products and services, infused with dynamic AI and automation capabilities, enables organizations to predict threats, protect data as it moves, and respond with speed and precision without holding back business innovation.”

The IBM Security X-Force Threat Intelligence Index tracks new and existing trends and attack patterns – pulling from billions of datapoints from network and endpoint devices, incident response engagements and other sources. Some of the key findings in the 2023 report include:

·       Extortion: Threat Actors Go-to Method. The most common impact from cyberattacks in 2022 was extortion, which was primarily achieved through ransomware or business email compromise attacks. Extortion and financial loss each accounted for half of identified impacts in incidents across the MEA region in 2021. Manufacturing was the most extorted industry globally in 2022, and it was again the most attacked industry for the second consecutive year. Manufacturing organizations are an attractive target for extortion, given the extremely low tolerance for down time.

·       Cybercriminals Weaponize Email Conversations. Thread hijacking saw a significant rise in 2022, with attackers using compromised email accounts to reply within ongoing conversations posing as the original participant. X-Force observed the rate of monthly attempts increase by 100% globally compared to 2021 data. Over the year, X-Force found that attackers used this tactic to deliver Emotet, Qakbot, and IcedID, malicious software that often results in ransomware infections.

·       Legacy Exploits Still Doing the Job. The proportion of known exploits relative to vulnerabilities declined 10 percentage points globally from 2018 to 2022, due to the fact that the number of vulnerabilities hit another all-time high. The findings indicate that legacy exploits enabled older malware infections such as WannaCry and Conficker to continue to exist and spread.

·       Phishers “Give Up” on Credit Card Data. The number of cybercriminals targeting credit card information in phishing kits dropped 52% globally in one year, indicating that attackers are prioritizing personally identifiable information such as names, emails, and home addresses, which can be sold for a higher price on the dark web or used to conduct further operations.

·       Finance and Insurance Remain Prime Targets for Cyberattacks in MEA: In the Middle East and Africa, Finance and insurance was the most-targeted industry in 2022, accounting for 44% of incidents and down slightly from 2021 at 48%. Professional, business and consumer services accounted for 22% of attacks, with manufacturing and energy tying for third place at 11%.

The report features data IBM collected globally in 2022 to deliver insightful information about the global threat landscape and inform the security community about the threats most relevant to their organizations. You can download a copy of the 2023 IBM Security X-Force Threat Intelligence Report here.