Security

Are you ready to strike when threat actors attack?

Share this post:

Author: Pelin Nancarrow, Asia Pacific Lead – X-Force Incident Response & Intelligence Services, IBM Security

As the cyber threat landscape evolves, what we saw in 2018 is organisations across all industries are facing unmanageable levels of cyber threats brought on by the changing threat landscape, the risk of exposure and an ever-growing attack surface.

The IBM X-Force Research team is a crack team of security professionals who run thousands of spam traps around the world and monitor tens of millions of spam and phishing attacks daily while analysing billions of web pages and images to detect fraudulent activity and brand abuse.

In the fight to stay one step ahead, this week we released the IBM X-Force Intelligence Threat Index 2019. The report contains notable security events in 2018 and looks ahead with a pre-emptive approach. It also shares insights and observations from data analysed via hundreds of millions of protected endpoints and servers across over 100 countries.

“Taking a look back at 2018, it amazes me that the cybercrime threat landscape continues to top itself year after year,” says our Vice President of Security, Caleb Barlow. “Over the past year, we’ve seen historic breaches, the discovery of large-scale vulnerabilities, the emergence of the trust economy and regulators trying to help make sense of it all.”

Some of the key findings in the report include:

Ransomware & Malware are out & cryptojacking is in

Ransomware use is on the decline. What we saw last year was cybercriminals shifting their focus to cryptojacking. The use of ransomware was down in 2018 (down 45% from Q1 to Q4), while cryptojacking activity increased 450% from Q1 to Q4 2018.

Cybercriminals also opted to abuse operating system tools, instead of Malware. The X-Force team reported that more than half of cyberattacks (57%) leveraged hard-to-detect fileless techniques including the use of PowerShell and PsExe.

Cryptojacking activity increased 450% from Q1 to Q4 2018

Misconfigurations still plague organisations

Publicly disclosed misconfiguration incidents increased by 20% year-over-year. Interestingly, there was a 52% decrease in the number of records compromised due to this threat vector.

BEC continues to pay the bills

Phishing campaigns made heavy use of targeted Business Email Compromise (BEC) scams. They accounted for 45% of the phishing attacks tracked by X-Force.

Industry watch

The finance and insurance sector was the most-attacked industry for the third year in a row. They accounted for 19% of total attacks and incidents in 2018.

The transportation industry emerged as the industry to watch. It became the second-most attacked sector in 2018 – dramatically moving up the ranks from 10th in 2017.

Vulnerability reporting on the rise

Nearly one third (42,000) of all 140,000 vulnerabilities tracked by IBM X-Force, were reported in just the past three years. In fact, IBM X-Force Red found an average 1,440 unique vulnerabilities per organisation.

You can download a copy of the full report here:

Australia

New Zealand

 

 

 

 

More Security stories

Cyber resilience: A state of unreadiness

Author: Pelin Nancarrow, Asia Pacific Lead – X-Force Incident Response & Intelligence Services, IBM Security Despite an increasing need for incident response planning, the majority of enterprises do not have an effective strategy to handle cybersecurity incidents, according to results of a recent global study of cyber resilience. The study, conducted by Ponemon Institute and […]

Continue reading

IBM is an Incident Response Leader in Forrester Wave Cybersecurity Report

Author: Pelin Nancarrow, Asia Pacific Lead – X-Force Incident Response & Intelligence Services, IBM Security These days, it’s no longer a matter of “if” you’re going to suffer a cyber breach, it’s a matter of “when.” When the inevitable breach happens, how you respond to the breach matters. An ineffective response can add even more […]

Continue reading

So your personal information has been hacked. What now?

Author: Chris Hockings CTO & Master Inventor, IBM Security So you’ve checked what your friends are up to on Facebook, ordered a new outfit online and just opened an email to find an urgent alert from your favourite charity. The email says your name, address and other sensitive information may have been compromised due to […]

Continue reading