IBM: Hackers turn away from deception

Cybercriminals are evolving their techniques for breaking into computer networks.

According to the IBM X-Force Threat Intelligence Index 2020 from IBM Security, 60% of initial entries into victims’ networks that were observed leveraged either previously stolen credentials or known software vulnerabilities. This allowed attackers to rely less on deception to gain access.

The index highlighted several contributing factors to this growing cyberattack trend. They included a significant increase in the percentage of incidents stemming from hackers scanning and exploiting vulnerabilities in software to 30% in 2019 from 8% in 2018. The use of previously stolen credentials also gained ground as a preferred point-of-entry, responsible for 29% of observed incidents in 2019. Meanwhile, phishing attacks designed to steal new credentials dropped to 31% of observed incidents in 2019 from more than half in 2018.

Just in 2019, the report states more than 8.5 billion records were compromised—resulting in a 200% increase in exposed data reported year-over-year and adding to the growing number of stolen credentials that cybercriminals can use as their source material.

Retail has jumped to the second most attacked industry in this year’s report, in a very close race with financial services which remained at the top for the fourth year in a row. Magecart attacks are among the most prominent attacks observed against retail, impacting a reported 80 e-commerce sites in the summer of 2019.

Other key highlights from the index include:

• The report shows an uptick in ransomware activity in 2019, with IBM X-Force deploying its incident response team to ransomware incidents in 13 different industries worldwide. However, IBM X-Force saw significant attacks against retail, manufacturing and transportation, which IBM analysis indicates are known to either hold a surplus of monetizable data or rely on outdated technology and, thus, face the vulnerability sprawl.

• IBM’s analysis found that of the more than 8.5 billion breached records reported in 2019, 7 billion of those, or over 85%, were due to misconfigured cloud servers and other improperly configured systems, a departure from 2018 when these records made up less than half of total records.

• IBM observed a “squatting” trend in phishing campaigns, where attackers impersonate consumer brands to trick users into clicking malicious links in phishing attempts. Nearly 60% of the top 10 spoofed brands identified were Google and YouTube domains, while Apple (15%) and Amazon (12%) domains were also spoofed by attackers looking to steal users’ monetizable data.

IBM X-Force conducted its analysis based on insights and observations from monitoring 70 billion security events per day in more than 130 countries. In addition, data is gathered and analyzed from multiple sources including X-Force IRIS, X-Force Red, IBM Managed Security Services, and publicly disclosed data breach information. IBM X-Force also runs thousands of spam traps around the world and monitors tens of millions of spam and phishing attacks daily while analyzing billions of web pages and images to detect fraudulent activity and brand abuse.