Light Dark
May 26, 2022 By Jonathan Reed 3 min read
Risk Management
Application Security
Data Protection
Energy & Utility
Incident Response
Retail
Security Services

Every year, the IBM Security X-Force team of cybersecurity experts mines billions of data points to reveal today’s most urgent security statistics and trends. This year’s X-Force Threat Intelligence Index 2022 digs into attack types, infection vectors, top threat actors, malware trends and industry-specific insights.

This year, a new industry took the infamous top spot: manufacturing. For the first time in over five years, finance and insurance were not the top-attacked industries in 2021, as manufacturing overtook them by a slight margin. Here’s a breakdown of the top five industries targeted and what businesses need to know about each one.

#1 Manufacturing

For the first time since 2016, manufacturing was the most attacked industry in 2021, targeted in 23.2% of the attacks addressed by X-Force.

Accounting for 23% of attacks, ransomware was the top attack type, exposing the heavy focus ransomware actors place on manufacturing. Server access attacks came in second place at 12%, which might represent some failed attack operations. Business email compromise (BEC) and data theft tied for third place, at 10% each.

BEC attacks often seek to take advantage of manufacturer relationships with suppliers, sub-suppliers and wholesale shipping. Threat actors redirect payments between partners to accounts under the BEC attackers’ control. Meanwhile, data theft efforts may focus on stealing sensitive intellectual property or holding data for ransom.

#2 Finance and insurance

Attackers hit finance and insurance companies in 22.4% of attacks remediated by X-Force in 2021. Compared to prior years, the financial industry’s attack rate has fallen. This suggests that financial companies are putting higher standards in place. In addition, financial services use hybrid cloud environments, which enable improved data visibility and management.

Server access breaches (14%) were found to be the top attack type on finance and insurance companies. This was followed by ransomware, misconfigurations and fraud, all coming in at 10%. Meanwhile, phishing was the most common infection vector for financial services, leading to 46% of attacks against this sector in 2021.

#3 Professional and business services

Professional services include IT providers, law firms, architects, accountants and consultants. Business services include office administration, HR, security services, travel assistance and landscaping. Professional and business services firms accounted for 12.7% of all attacks observed in 2021.

Ransomware was the top attack type for this sector, making up 32% of all attacks observed by X-Force. Server access attacks were the second-most common attack type (19%). A decrease in ransomware attacks in Q4 suggests that professional services firms are doing a better job at thwarting ransomware attacks. Vulnerability exploitation accounted for 50% of incidents, and phishing accounted for another 20% in this sector.

#4 Energy

The energy industry was the fourth most attacked in 2021, with 8.2% of all attacks observed. The X-Force report speculates that threat actors shifted their focus away from energy entities for a brief time in fear of retaliation for the ransomware attack on the Colonial Pipeline in May 2021. But attack rates appear to be rising since September.

Ransomware (25%) was the most common attack type against energy organizations in 2021. This was followed by remote access trojans (RATs), direct denial of service and BEC, all of which tied for second place (17%). Phishing was the most common attack vector, making up around 60% of attacks against the energy sector. Vulnerability exploitation made up the other 40% of incidents.

#5 Retail and wholesale

Retail and wholesale were the fifth most targeted in X-Force’s 2022 ranking. Overall, the sector faced 7.3% of all attacks. Within the sector, retail accounted for 35% and wholesale 65% of attacks. Threat actors may have focused more on wholesale groups due to their role in supply chains.

BEC, server access, data theft and credential harvesting were the top attack types on retail and wholesale last year. Ransomware and banking trojans also accounted for a large number of attacks, followed by RATs, misconfiguration and fraud. Phishing was the top infection vector for the sector, accounting for 38% of the attacks. Stolen credentials were the second most common vector at 31%. Meanwhile, vulnerability exploitation made up another 23% and brute force 8%.

Adapt and thrive

The threat landscape is constantly changing, and each industry has its unique challenges. Overall, ransomware continues to be the top threat in most sectors. As shown by the improvement in finance and insurance, efforts to strengthen digital defenses lead to concrete results against established and emerging threats.

 |  |  |  |  |  |  |  |  |  |  | 
Jonathan Reed
Freelance Technology Writer

More from Risk Management
April 17, 2024

What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?

3 min read - The IBM X-Force 2024 Threat Intelligence Index has been released. The headlines are in and among them are the fact that a global identity crisis is emerging. X-Force noted a 71% increase year-to-year in attacks using valid credentials.In this blog post, I’ll explore three cybersecurity recommendations from the Threat Intelligence Index, and define a checklist your Security Operations Center (SOC) should consider as you help your organization manage identity risk.The report identified six action items:Remove identity silosReduce the risk of…

April 16, 2024

Obtaining security clearance: Hurdles and requirements

3 min read - As security moves closer to the top of the operational priority list for private and public organizations, needing to obtain a security clearance for jobs is more commonplace. Security clearance is a prerequisite for a wide range of roles, especially those related to national security and defense.Obtaining that clearance, however, is far from simple. The process often involves scrutinizing one’s background, financial history and even personal character. Let’s briefly explore some of the hurdles, expectations and requirements of obtaining a…

April 11, 2024

Ransomware payouts hit all-time high, but that’s not the whole story

3 min read - Ransomware payments hit an all-time high of $1.1 billion in 2023, following a steep drop in total payouts in 2022. Some factors that may have contributed to the decline in 2022 were the Ukraine conflict, fewer victims paying ransoms and cyber group takedowns by legal authorities.In 2023, however, ransomware payouts came roaring back to set a new all-time record. During 2023, nefarious actors targeted high-profile institutions and critical infrastructure, including hospitals, schools and government agencies.Still, it’s not all roses for…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature