The financial and insurance sectors of Middle Eastern and African countries were faced with more cyberattacks in 2022 than other sectors in the region, according to IBM.
The firm stated that the two sectors accounted for 44 per cent of incidents in 2022, which was four percentage points lower than the 48 per cent that was recorded in 2021.
Hackers also prioritised attacks on professional, business and consumer services sectors during this period, with the sectors accounting for 22 per cent of attacks.
This was contained in IBM Security’s recently released ‘X-Force Threat Intelligence Index’, which stated that ransomware’s share of incidents in the Middle East and African region held steady at 18 per cent in 2022.
The index discovered that attackers continued to innovate, with the average time to complete a ransomware attack dropping from two months to less than four days in 2022.
Security Leader at IBM MEA, Kleimert Knibbs, said, “Proactively managing security risks and evolving cybercrime tactics is a critical priority for organizations across MEA.
“The X-Force Threat Intelligence Index findings demonstrate the continued threat of ransomware and the increasing use of thread hijacking tactics.
“To safeguard against these threats, it’s imperative that companies remain vigilant and focus on effective incident response planning. As the security landscape evolves, it is crucial to prioritize threat intelligence and strengthen defences.”
According to the report, the deployment of backdoors, which allow remote access to systems, emerged as the top action by attackers in the region last year.
It stated that ransomware and worms tied for the second-most common attack type in the region at 18 per cent each.
The firm explained that the IBM Security X-Force Threat Intelligence Index tracks new and existing trends and attack patterns — pulling from billions of data points from network and endpoint devices, incident response engagements and other sources.
It added that some of its key findings for 2022 were, “Extortion: Threat Actors Go-to Method. The most common impact of cyberattacks in 2022 was extortion, which was primarily achieved through ransomware or business email compromise attacks.
“Extortion and financial loss each accounted for half of the identified impacts in incidents across the MEA region in 2021. Manufacturing was the most extorted industry globally in 2022, and it was again the most attacked industry for the second consecutive year. Manufacturing organizations are an attractive target for extortion, given the extremely low tolerance for downtime.”
IBM further stated that cybercriminals weaponised email conversations in 2022, with thread hijacking gaining significance, as attackers used compromised email accounts to reply within ongoing conversations posing as the original participant.
It added, “The number of cybercriminals targeting credit card information in phishing kits dropped 52 per cent globally in one year, indicating that attackers are prioritising personally identifiable information such as names, emails, and home addresses, which can be sold for a higher price on the dark web or used to conduct further operations.”