New for 2017, IBM combined their IBM X-Force Threat Intelligence Report and IBM Managed Security Services Cyber Security Intelligence Index to create the IBM X-Force Threat Intelligence Index. The Threat Intelligence Index helps you understand the cybersecurity threat landscape so you can better protect your organization.
Cyberattacks can be financially devastating to corporate victims. In 2016 Yahoo disclosed that 1.5 billion email records, passwords, and other personal customer information had been stolen over the years. After Yahoo revealed this history, Verizon cut its purchase price for Yahoo by $350 million.
X-Force combines data from monitored security clients with publicly reported data breach information as well as information from the spam traps X-Force runs around the world. Billions of security events are found annually across 8,000 monitored client devices in more than 100 countries. Additionally, X-Force monitors over eight million spam and phishing attacks every day, along with more than 37 billion web pages and images each year. This is the data used to offer insight into the universe of cyberattacks in 2016.
Reports of cyberattacks often reveal the theft of specific information such as credit card data or passwords. 2016 saw an unprecedented number of leaks of large scale, unstructured data sets. Personal information of individuals is often sold on the Dark Web, while criminal gangs launch attacks to steal millions from companies. These big leaks often influence global politics. Some examples include the Panama Papers and emails from the Democratic National Committee (DNC).
The Panama Papers spurred protests in several countries and led to the resignation of the Prime Minister of Iceland. The leaked DNC emails were a major topic of discussion during the United States presidential campaign, and some believe they might have influenced the election outcome. In both cases, classic and relatively simple forms of attacks occurred, including SQL injection (SQLi) and phishing.
Cybersecurity threats change daily and continually grow more sophisticated, but many cyberattacks rely on classic attack vectors. Although awareness of cybersecurity threats and efforts to protect against them are on the rise, tried-and-true methods remain easy to execute and effective.
Spam email continues to be a weapon of choice for cybercriminals. Email can easily be used to spread malware by both external and internal malicious actors. X-Force found a fourfold increase in spam email in 2016 versus 2015. They also observed an increase in malicious attachments to the spam.
Ransomware accounted for 85% of those malicious attachments. Despite high-profile reports of ransomware attacks, companies of all sizes fall victim each year. Not only are ransomware attacks easy to launch (hackers can purchase ready-made malware kits and “ransomware-as-a-service”), they are also profitable, with a high return on investment (ROI).
After 20 years of documenting publicly disclosed software vulnerabilities, X-Force recorded over 10,000, the most in its tracking history. Many of these come from the growing number of web applications. Most of the vulnerabilities could be exploited by SQLi attacks.
Less is More
Although the number of vulnerabilities is growing, the rate of attacks is decreasing. As ISPs and security solutions become better at detecting and stopping malware distributed by mass spam blasts, these types of attacks are increasingly left to the realm of amateurs. Well-organized criminal gangs have learned to continually test and refine their techniques with small, focused attacks. Ultimately, even with fewer attempts, a higher success rate means crime becomes more profitable.
One way cybercriminals get around improved detection is to make frequent changes to their malware until they find it can bypass anti-virus software and other security tools. At that point, hackers can launch a focused attack on a big target and realize large returns. Another approach is to target a single country or a small number of institutions in a few countries. This can keep attempts under the radar and give them more time to sharpen their attacks.
In an environment where cyberattacks are decreasing but becoming more effective, how can companies protect themselves?
- Understand the threat. Many business leaders perceive that cybercrime is largely the domain of rogue individuals. However, the reality is that most attacks are launched by sophisticated gangs or by insiders. Security efforts will be more effective when focused on the most likely sources and methods.
- Practice security fundamentals. It can be easy to become complacent and rely on implementing software and other technology approaches. It is important to continually learn best practices, develop comprehensive risk management strategies, and share findings with the business community.
- Implement patch management. Malware is often effective because attackers take advantage of organizations with older, out-of-date technology infrastructures. Ransomware attacks can frequently be thwarted by applying patches issued by software manufacturers. Having a program to regularly implement patches can go a long way to reducing vulnerability.
- Educate employees. Many attacks come from insiders or through successful phishing and other social engineering efforts. It is important that all employees know how to recognize possible malware and avoid downloading such programs.
- Engage the whole C-Suite. Many organizations leave cybersecurity to the CIO and tech staff. However, protecting valuable data is the responsibility of all company leadership. Collaboration among executives will lead to greater protection against cyberattacks.
Download the complete 2017 IBM X-Force Threat Intelligence Index to dive deeper into the results and learn more about the evolving nature of cybersecurity threats.