IBM Security has released the annual 2021 X-Force Threat Intelligence Index. It demonstrates how the nature of cyberattacks changed during the COVID-19 pandemic in 2020, when attackers sought to profit from an unprecedented socio-economic situation and political and business challenges.

In particular, Europe was the most-attacked region in 2020, experiencing 31% of all cyberattacks observed by X-Force experts. The number of ransomware attacks also increased sharply. In addition, Europe suffered more insider attacks than any other region, twice as many as North America and Asia combined.

Medicine and pharmaceuticals industry under attack

In 2020, attackers more often targeted organisations that play a key role in the global fight against COVID-19, i.e., hospitals, medical device manufacturers, pharmaceutical companies and more.

For example, cyberattacks on healthcare, manufacturing, and energy doubled from the year prior, with threat actors targeting organisations that could not afford downtime due to risks of disrupting medical efforts or critical supply chains. In fact, manufacturing and energy were the most attacked industries in 2020, second only to the finance and insurance sector. Contributing to this was attackers taking advantage of the nearly 50% increase in vulnerabilities in industrial control systems (ICS), which manufacturing and energy both strongly depend on.

“In essence, the pandemic reshaped what is considered critical infrastructure today, and attackers took note. Many organisations were pushed to the front lines of response efforts for the first time – whether to support COVID-19 research, uphold vaccine and food supply chains, or produce personal protective equipment. Attackers’ victimology shifted as the COVID-19 timeline of events unfolded, indicating yet again, the adaptability, resourcefulness and persistence of cyber adversaries,” said Nick Rossmann, Global Threat Intelligence Lead, IBM Security X-Force.

Key findings

According to Intezer data, the number of Linux malware families increased by 40% last year, while the number of malware written using the Go programming language increased sixfold in the first half of 2020. This indicates that attackers are rapidly mastering attacks that use Linux. Following the “write once, run anywhere” principle for hybrid cloud environments, attackers create malware that runs easily on different platforms.

The developers of collaboration tools – Google, Dropbox and Microsoft – as well as online stores and related companies, such as Amazon and PayPal, were among the 10 most spoofed brands. YouTube and Facebook, which were the main sources of news last year, also topped the list. For the first time in the company’s history, Adidas ranked as the seventh most spoofed brand in 2020, most likely driven by demand for two lines of sneakers.

Ransomware was involved in almost one in four attacks detected by X-Force experts in 2020, and it has been increasingly popular. Last year, it helped the perpetrators raise more than $123 million, and nearly two-thirds of the victims agreed to pay a ransom.


The X-Force Threat Intelligence Index is based on insights and observations from monitoring more than 150 billion security events per day in more than 130 countries. In addition, data is gathered and analysed from multiple sources within IBM, including IBM Security X-Force Threat Intelligence and Incident Response, X-Force Red, IBM Managed Security Services, and data provided by Quad9 and Intezer, both of which contributed to the 2021 report.

Natalia Tolub
