2 min

Ransomware remains king, the manufacturing industry is its biggest target and Linux malware has taken off. Today, IBM’s security branch shared an insight into the security landscape of 2021.

IBM Security X-Force Threat Intelligence uses billions of data points to shadow cybercriminals. Last year’s data paints an accurate picture of the security landscape.

In 2021, one in five attackers used ransomware — a drop of nine percent from the year before, but the most popular nonetheless. Although ransomware has traditionally been written for Windows devices, the number of malicious Linux programs increased by 146 percent.

IBM Security holds ransomware group REvil accountable for nearly 40 percent of all ransomware attacks. The group was arrested by Russian intelligence forces in January 2022, nearly three years after its first attack. REvil lasted longer than the average ransomware group, which “disappears seventeen months after being formed”.

Just under half of all cyber attacks were enabled by phishing. Phishing remains the most popular method for initial access by far. One in five targeted phishing emails scored a click. That rate was three times higher for victims who were telephoned by cybercriminals after receiving a phishing email.

An IBM Security Operations Center.


The manufacturing industry took the biggest hit. Of all attacks prevented by IBM X-Force, 23 percent targeted manufacturers. Last year, the financial industry was number one.

The growing number of attacks on manufacturers is related to the adoption of SCADA MODBUS and IoT devices. SCADA MODBUS is the most popular communication protocol for devices in the manufacturing industry. In 2021, cybercriminals scanned SCADA MODBUS OT devices for vulnerabilities 22 times more often than the year before.


IBM X-Force finds zero trust to be the most effective measure against popular attack types. The organization emphasizes the importance of insight into users’ locations and authentication tools.

If your organization currently imposes strict authentication on user access to domain controllers and domain admin accounts, you’re well on your way. X-Force found that many ransomware attackers deploy malware through compromised domain controllers.

In addition, the organization recommends an incident response plan. Who do you notice after an attack, where can you find backups, and how do you make sure that workloads keep running? Assume that your organization will fall victim, but don’t stop there. Consider the possibility of a leak. X-Force warns that criminals are increasingly likely to leak databases following ransomware attacks.

According to the organization, phishing requires a two-sided approach, wherein both employees and software are trained to recognize attacks. Furthermore, X-Force stresses the importance of multi-factor authentication and identity access management. Lastly, the organization emphasizes the value of a dedicated security team. That should come as no surprise, as X-Force provides dedicated security services.