Are you ready to strike when threat actors attack?

Share this post:

Author: Pelin Nancarrow, Asia Pacific Lead – X-Force Incident Response & Intelligence Services, IBM Security

As the cyber threat landscape evolves, what we saw in 2018 is organisations across all industries are facing unmanageable levels of cyber threats brought on by the changing threat landscape, the risk of exposure and an ever-growing attack surface.

The IBM X-Force Research team is a crack team of security professionals who run thousands of spam traps around the world and monitor tens of millions of spam and phishing attacks daily while analysing billions of web pages and images to detect fraudulent activity and brand abuse.

In the fight to stay one step ahead, this week we released the IBM X-Force Intelligence Threat Index 2019. The report contains notable security events in 2018 and looks ahead with a pre-emptive approach. It also shares insights and observations from data analysed via hundreds of millions of protected endpoints and servers across over 100 countries.

“Taking a look back at 2018, it amazes me that the cybercrime threat landscape continues to top itself year after year,” says our Vice President of Security, Caleb Barlow. “Over the past year, we’ve seen historic breaches, the discovery of large-scale vulnerabilities, the emergence of the trust economy and regulators trying to help make sense of it all.”

Some of the key findings in the report include:

Ransomware & Malware are out & cryptojacking is in

Ransomware use is on the decline. What we saw last year was cybercriminals shifting their focus to cryptojacking. The use of ransomware was down in 2018 (down 45% from Q1 to Q4), while cryptojacking activity increased 450% from Q1 to Q4 2018.

Cybercriminals also opted to abuse operating system tools, instead of Malware. The X-Force team reported that more than half of cyberattacks (57%) leveraged hard-to-detect fileless techniques including the use of PowerShell and PsExe.

Cryptojacking activity increased 450% from Q1 to Q4 2018

Misconfigurations still plague organisations

Publicly disclosed misconfiguration incidents increased by 20% year-over-year. Interestingly, there was a 52% decrease in the number of records compromised due to this threat vector.

BEC continues to pay the bills

Phishing campaigns made heavy use of targeted Business Email Compromise (BEC) scams. They accounted for 45% of the phishing attacks tracked by X-Force.

Industry watch

The finance and insurance sector was the most-attacked industry for the third year in a row. They accounted for 19% of total attacks and incidents in 2018.

The transportation industry emerged as the industry to watch. It became the second-most attacked sector in 2018 – dramatically moving up the ranks from 10th in 2017.

Vulnerability reporting on the rise

Nearly one third (42,000) of all 140,000 vulnerabilities tracked by IBM X-Force, were reported in just the past three years. In fact, IBM X-Force Red found an average 1,440 unique vulnerabilities per organisation.

You can download a copy of the full report here:


New Zealand





More Security stories

What would a data breach do to your company?

The landmark 2019 Cost of a Data Breach study from the Ponemon Institute surveyed 500 companies around the world and reviewed 10 years of historical data to get a comprehensive view of the impact of data breaches. The results are compelling. The costs of data breaches are increasing – as is the time it takes […]

Continue reading

Navigating cybersecurity standards for financial institutions

Learn how to prepare for APRA Security Standard CPS 234 Authors: Chris Hockings, CTO IBM Security A/NZ IBM Global Markets – Cognitive Solutions Unit Industry Platforms & Ruby Li, Associate Partner, IBM Security From 01 July, 2019 APRA Security Standard CPS 234 will impose new cybersecurity requirements on financial institutions. The standard aims to improve […]

Continue reading