IBM Report Reveals Manufacturing Sector as Cyber Attack Prime Target in Asia Pacific

Photo by Tima Miroshnichenko

Per IBM Report, the Manufacturing Sector becomes Top Targeted for Cyber Attacks in Asia Pacific, as Critical Infrastructure Globally sees increased targeting

IBM has released the 2024 X-Force Threat Intelligence Index, revealing the manufacturing sector as the most-targeted industry in Asia-Pacific for the second year in a row, accounting for 46% of the incidents. While Europe accounted for most attacks on the transportation industry globally in the previous year, Asia Pacific surpassed it in 2023 as it experienced 63% of attacks against transportation entities. Notably, the study also showed how Asia-Pacific was the third most-targeted geography in 2023, accounting for 23% of incidents responded to globally.

According to IBM X-Force, IBM Consulting’s offensive and defensive security services arm, phishing and exploitation of public-facing applications were the most common initial access vectors observed in the region for 2023. However, amid the spike of identity-based attacks that emerged globally, organizations in the region should practice vigilance and focus on strengthening their user access controls as cybercriminals see more opportunities to “log in” versus hacking into corporate networks through valid accounts.

The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries. In addition, data is gathered and analyzed from multiple sources within IBM, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, and data provided from Red Hat Insights and Intezer, which contributed to the 2024 report.

 

Some other key findings in Asia-Pacific region include:

At the industry level, manufacturing was the most-targeted in the region (46%); followed by finance and insurance, and transportation industries, which tied for second place, accounting for 12% of cases each; and education was third at 8%.

Phishing persisted as the top initial access vector in the region, with 36% of incidents in 2023, closely followed by exploitation of public-facing applications at 35%. The use of valid accounts, abuse of trusted relationship and replication through removable media all tied for third, each caused 12% of incidents observed.

Once again, malware was the most observed action representing 45% of attacks in Asia-Pacific. Ransomware led those incidents accounting for 17%, and infostealers followed at 10%. Backdoors which accounted for 31% in 2022, made up only 3% of cases in 2023.

The most common impact observed in attacks on the region were brand reputation and data theft at 27% each. Extortion, data destruction and data leak followed, all accounted for 20% of cases.

 

“Although ‘AI-engineered attacks’ are receiving more attention due to the rise of generative AI in the current landscape, the biggest security threat in Asia Pacific remains to be known unpatched vulnerabilities. Additional focus should also be placed on the region’s critical infrastructure and key industries such as manufacturing, finance and insurance, and transportation, with stress tests and well-prepared incidents response plans in place”, said Catherine Lian, General Manager & Technology Leader, IBM ASEAN. “The exploitation of user identity is becoming a preferred weapon of choice for global threat actors, raising the need for more effective user access control strategies in the region, and is prompting us to promote a holistic approach to security in the age of generative AI.”

The study also unveils key global highlights, which include:

A Global Identity Crisis Poised to Worsen

Exploiting valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the Dark Web today. In 2023, X-Force saw attackers increasingly invest in operations to obtain users’ identities globally – with a 266% uptick in infostealing malware, designed to steal personal identifiable information like emails, social media and messaging app credentials, banking details, crypto wallet data and more.

This “easy entry” for attackers is one that’s harder to detect, eliciting a costly response from enterprises. According to X-Force, major incidents caused by attackers using valid accounts were associated to nearly 200% more complex response measures by security teams than the average incident – with defenders needing to distinguish between legitimate and malicious user activity on the network. In fact, IBM’s 2023 Cost of a Data Breach Report found that breaches caused by stolen or compromised credentials required roughly 11 months to detect and recover from – the longest response lifecycle than any other infection vector.

This wide reach into users’ online activity was evident in the FBI and European law enforcement’s April 2023 takedown of a global cybercrime forum that collected the login details of more than 80 million user accounts. Identity-based threats will likely continue to grow as adversaries leverage generative AI to optimize their attacks. Already in 2023, X-Force observed over 800,000 posts on AI and GPT across Dark Web forums, reaffirming these innovations have caught cybercriminals attention and interest.

Adversaries "Log into" Critical Infrastructure Networks

Worldwide, nearly 70% of attacks that X-Force responded to were against critical infrastructure organizations, an alarming finding highlighting that cybercriminals are wagering on these high value targets' need for uptime to advance their objectives.

Nearly 85% of attacks that X-Force responded to on this sector were caused by exploiting public-facing applications, phishing emails, and the use of valid accounts. The latter poses an increased risk to the sector, with DHS CISA stating that the majority of successful attacks on government agencies, critical infrastructure organizations and state-level government bodies in 2022 involved the use of valid accounts. This highlights the need for these organizations to frequently stress test their environments for potential exposures and develop incident response plans.

Generative AI – The Next Big Frontier to Secure

For cybercriminals to see ROI from their campaigns, the technologies they target must be ubiquitous across most organizations worldwide. Just as past technological enablers fostered cybercriminal activities – as observed with ransomware and Windows Server's market dominance, BEC scams and Microsoft 365 dominance or cryptojacking and the Infrastructure-as-a-Service market consolidation – this pattern will most likely extend across AI.

X-Force assesses that once generative AI market dominance is established – where a single technology approaches 50% market share or when the market consolidates to three or less technologies – it could trigger the maturity of AI as an attack surface, mobilizing further investment in new tools from cybercriminals. Although generative AI is currently in its pre-mass market stage, it's paramount that enterprises secure their AI models before cybercriminals scale their activity. Enterprises should also recognize that their existing underlying infrastructure is a gateway to their AI models that doesn't require novel tactics from attackers to target – highlighting the need for a holistic approach to security in the age of generative AI, as outlined in the IBM Framework for Securing Generative AI

Additional findings:

Everyone is vulnerable – Red Hat Insights found that 92% of customers have at least one CVE with known exploits unaddressed in their environment at the time of scanning, while 80% of the top ten vulnerabilities detected across systems in 2023 were given a ‘High’ or ‘Critical’ CVSS base severity score.

“Kerberoasting” pays off – X-Force observed a 100% increase in “kerberoasting” attacks, wherein attackers attempt to impersonate users to escalate privileges by abusing Microsoft Active Directory tickets.

Security misconfigurations – X-Force Red penetration testing engagements indicate that security misconfigurations accounted for 30% of total exposures identified, observing more than 140 ways that attackers can exploit misconfigurations.