Financial Sector Remains Most Targeted by Threat Actors: IBM

Organizations in the financial and insurance sectors were the most targeted by threat actors in 2020, continuing a trend that was first observed roughly five years ago, IBM Security reports.

Manufacturing and energy became the second and third most targeted industries last year, respectively. Retail and professional services rounded out the top five most targeted sectors, IBM says.

In the latest installment of its annual X-Force Threat Intelligence Index, IBM Security also reveals that ransomware was the most popular attack method in 2020, with a market share of roughly 23%.

“Threat actors carried out ransomware attacks predominantly by gaining access to victim environments via remote desktop protocol, credential theft, or phishing—attack vectors that have been similarly exploited to install ransomware in prior years,” IBM explains.

The operators behind Sodinokibi (REvil), which is said to have been the most prevalent ransomware family in 2020, are believed to have made in excess of $123 million in profits last year alone.

IBM’s security researchers also note that more than half of the ransomware attacks observed in 2020 used a double extortion strategy, where, in addition to files being encrypted, data was stolen and victims threatened with public exposure unless the ransom was paid. IBM estimates that 36% of the public breaches in 2020 were ransomware-related data leaks.

Data theft attacks, IBM says, went up 160% compared to 2019, but accounted for only 13% of the overall incidents in 2020. Server access came in third at 10%, marking a 233% increase year-over-year, while Business Email Compromise (BEC) dropped to fourth position with 9% market share (a drop from 14% in 2019).

Last year, vulnerability scanning and exploitation was the top attack vector, being employed in 35% of all incidents that IBM observed. The top ten most targeted flaws were CVE-2019-19781 (Citrix ADC), CVE-2018-20062 (NoneCMS ThinkPHP), CVE-2006-1547 (Apache Struts), CVE-2012-0391 (Apache Struts), CVE-2014-6271 (GNU), CVE-2019-0708 (BlueKeep), CVE-2020-8515 (DrayTek Vigor), CVE-2018-13382 and CVE-2018-13379 (Fortinet FortiOS), CVE-2018-11776 (Apache Struts), and CVE-2020-5722 (Grandstream UCM6200).

Last year, phishing was employed in 33% of attacks, being the second most commonly used infection vector. Credential theft, on the other hand, only accounted for 18% of attacks, dropping significantly from the previous year (when it accounted for 29% of incidents).

IBM also noticed a significant increase in the number of reported vulnerabilities in industrial control systems (ICS), which reached 468 last year, up 49% from 2019.

Most of the malicious attacks observed in 2020 hit Europe, North America, and Asia, with attacks targeting European organizations registering a spike.

Europe accounted for 31% of the observed attacks, up 10 percentage points from 2019, with ransomware being the most common threat, at 21% of all attacks. North America, on the other hand, was hit by 27% of assaults, a significant drop from the 44% of incidents it accounted for the previous year.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
