February 27, 2019
Share this post:
Author: Pelin Nancarrow, Asia Pacific Lead – X-Force Incident Response & Intelligence Services, IBM Security
As the cyber threat landscape evolves, what we saw in 2018 is organisations across all industries are facing unmanageable levels of cyber threats brought on by the changing threat landscape, the risk of exposure and an ever-growing attack surface.
The IBM X-Force Research team is a crack team of security professionals who run thousands of spam traps around the world and monitor tens of millions of spam and phishing attacks daily while analysing billions of web pages and images to detect fraudulent activity and brand abuse.
In the fight to stay one step ahead, this week we released the IBM X-Force Intelligence Threat Index 2019. The report contains notable security events in 2018 and looks ahead with a pre-emptive approach. It also shares insights and observations from data analysed via hundreds of millions of protected endpoints and servers across over 100 countries.
“Taking a look back at 2018, it amazes me that the cybercrime threat landscape continues to top itself year after year,” says our Vice President of Security, Caleb Barlow. “Over the past year, we’ve seen historic breaches, the discovery of large-scale vulnerabilities, the emergence of the trust economy and regulators trying to help make sense of it all.”
Some of the key findings in the report include:
Ransomware & Malware are out & cryptojacking is in
Ransomware use is on the decline. What we saw last year was cybercriminals shifting their focus to cryptojacking. The use of ransomware was down in 2018 (down 45% from Q1 to Q4), while cryptojacking activity increased 450% from Q1 to Q4 2018.
Cybercriminals also opted to abuse operating system tools, instead of Malware. The X-Force team reported that more than half of cyberattacks (57%) leveraged hard-to-detect fileless techniques including the use of PowerShell and PsExe.
Misconfigurations still plague organisations
Publicly disclosed misconfiguration incidents increased by 20% year-over-year. Interestingly, there was a 52% decrease in the number of records compromised due to this threat vector.
BEC continues to pay the bills
Phishing campaigns made heavy use of targeted Business Email Compromise (BEC) scams. They accounted for 45% of the phishing attacks tracked by X-Force.
The finance and insurance sector was the most-attacked industry for the third year in a row. They accounted for 19% of total attacks and incidents in 2018.
The transportation industry emerged as the industry to watch. It became the second-most attacked sector in 2018 – dramatically moving up the ranks from 10th in 2017.
Vulnerability reporting on the rise
Nearly one third (42,000) of all 140,000 vulnerabilities tracked by IBM X-Force, were reported in just the past three years. In fact, IBM X-Force Red found an average 1,440 unique vulnerabilities per organisation.
You can download a copy of the full report here: