Overview
Know the threat to beat the threat
Cyberattacks are more prevalent, creative and faster than ever. So understanding attackers’ tactics is crucial. The IBM Security® X-Force® Threat Intelligence Index 2023 offers CISOs, security teams and business leaders actionable insights to help you understand how threat actors are waging attacks, and how to proactively protect your organization.
Attack types
Unlocked: Backdoors fuel ransomware
Backdoor deployments, which enable remote access to systems, were the most common type of attacker action that X-Force incident responders handled. The silver lining: 67% of backdoor cases were failed ransomware attacks as defenders were able to disrupt the backdoor before ransomware was deployed.
21%
Of incidents saw backdoors deployed
17%
Of attacks in 2022 were ransomware
6%
Of attacks were business email compromise
Expert insight: Keying in on backdoors
Watch Andy Piazza, Global Head of Threat Intelligence at IBM Security X-Force, discuss the top three actions we saw threat actors take.
IBM Security X-Force Threat Intelligence Index 2023 Insight: Andy Piazza (01:02)
Tip:
Understand an attacker’s view of known and unknown risks
Taking an attacker’s view of both known and unknown risks can help organizations adopt preventive measures before incidents happen.
Extortion
Victims felt the pressure in 27% of attacks
Whether ransomware, business email compromise (BEC) or distributed denial of service (DDoS), 27% of attacks were extortion related. When attackers see a weakness, they exploit it. Recognizing the industry's low tolerance for downtime, cybercriminals focused more extortion attempts on manufacturing than any other industry.
of extortion targeted manufacturing
of extortion targeted Europe
Prepare and respond faster
Get recommendations to help you stay ahead of threats.
Infection vectors
Phishing: Top way attackers gained access
For the second year in a row, phishing was the leading infection vector, identified in 41% of incidents. More than half of phishing attacks used spear phishing attachments. X-Force also observed a 100% increase in thread hijacking attempts per month—where an attacker impersonates someone and uses existing email conversations for nefarious purposes.
41%
Of attacks used phishing
26%
Of attacks exploited public-facing apps
16%
Of attacks abused valid accounts
Expert insight: Phishing facts
Stephanie “Snow” Carruthers, Chief People Hacker at IBM Security X-Force Red, explains why phishing was the leading infection vector.
IBM Security X-Force Threat Intelligence Index 2023 Insight: Stephanie Carruthers (01:00)
Vulnerabilities
Only 26% of new vulnerabilities had known exploits
The proportion of vulnerabilities with a known exploit declined 10 percentage points over the last few years. However, cybercriminals already have access to more than 78,000 known exploits. This access made it easier to exploit older, unpatched vulnerabilities, highlighting the need for a well-defined vulnerability management strategy, including better understanding your attack surface and risk-based prioritization of patches.
New vulnerabilities with exploits
Of known exploits were new in 2022
Tip:
You need to analyze multiple factors
Identify, prioritize and remediate the vulnerabilities that matter most.
Ransomware
Fast ransomware attacks demand faster responses
While there was a slight decline in ransomware attacks, an X-Force study found that the time to execute attacks dropped 94% over the last few years. What took months now takes attackers mere days. With attackers moving faster, organizations must take a proactive, threat-driven approach to cybersecurity.
60+ days
2019 ransomware deployment time
9.5 days
2020 ransomware deployment time
3.85 days
2021 ransomware deployment time
Expert insight: Ransomware realities
John Dwyer, Head of Research, IBM Security X-Force, talks about the need for speed when it comes to ransomware attacks.
IBM Security X-Force Threat Intelligence Index 2023 Insight: John Dwyer (00:51)