The biggest cyber risks in MEA - IBM Security
Backdoor deployments were the most used cyberattack tactic by cybercriminals in the Middle East and Africa (MEA) region in 2022, while ransomware attacks persisted and email thread hijacking attempts spiked.
This is according to IBM Security's 2023 X-Force Threat Intelligence Index, which shows that the deployment of backdoors – which allow remote access to systems – was detected in 27% of cases X-Force responded to last year.
The uptick in backdoor deployments can be partially attributed to their high market value. X-Force observed threat actors selling existing backdoor access for as much as $10,000, compared to stolen credit card data which sells for less than $10 per card.
The finance and insurance industries were the most targeted in 2022, accounting for 44% of incidents, down slightly from 48% in 2021. Professional, business and consumer services accounted for 22% of attacks, with manufacturing and energy tying for third place at 11%.
Ransomware remains popular
According to the report, ransomware attacks held steady at 18% of incidents in MEA. Globally, however, defenders were more successful at detecting and preventing ransomware.
Despite this, attackers continued to innovate, with the report showing that globally the average time to complete a ransomware attack dropped from two months to under four days.
Worms tied with ransomware as the second-most common attack type in the MEA region in 2022, at 18%.
The IBM Security X-Force Threat Intelligence Index tracks new and existing trends and attack patterns – pulling from billions of data points from network and endpoint devices, incident response engagements and other sources.
"Proactively managing security risks and evolving cybercrime tactics is a critical priority for organizations across MEA. The X-Force Threat Intelligence Index findings demonstrate the continued threat of ransomware and the increasing use of thread hijacking tactics," said Frida Kleimert Knibbs, security leader at IBM MEA.
"To safeguard against these threats, it's imperative that companies remain vigilant and focus on effective incident response planning. As the security landscape evolves, it is crucial to prioritize threat intelligence and strengthen defenses," she added.
Extortion extends reach
IBM Security found that the most common impact from cyberattacks in 2022 was extortion, which was primarily achieved through ransomware or business email compromise attacks. Extortion and financial loss each accounted for half of identified impacts in incidents across the MEA region in 2021.
Globally, extortion was the most common impact in 28% of cases, with data theft, credential harvesting and data leaks at 17% each. X-Force responded to 47% of cases in Europe, 33% in North America, 10% in Asia-Pacific, 7% in the Middle East and Africa and 3% in Latin America.
Manufacturing was the most extorted industry globally in 2022, and it was the most attacked industry for the second consecutive year.
"Manufacturing organizations are an attractive target for extortion, given the extremely low tolerance for down time," IBM said.
Global cybercrime trends
Globally, thread hijacking saw a significant rise in 2022, with attackers using compromised email accounts to reply within ongoing conversations posing as the original participant. X-Force observed the rate of monthly attempts increase by 100% globally compared to 2021 data.
Over the year, attackers used this tactic to deliver Emotet, Qakbot and IcedID, malicious software that often results in ransomware infections.
There were some declines: the proportion of known exploits relative to vulnerabilities fell 10% globally between 2018 and 2022, because the number of vulnerabilities hit another all-time high.
The findings indicate that legacy exploits enabled older malware infections such as WannaCry and Conficker to continue to exist and spread.
The number of cybercriminals targeting credit card information in phishing kits also dropped 52% globally in one year, indicating that attackers are prioritizing personally identifiable information such as names, emails, and home addresses, which can be sold for a higher price on the dark web or used to conduct further operations, IBM said.
— Paula Gilbert, Editor, Connecting Africa