IBM X-Force Research: Hackers Weaponizing Stolen Records, Network Vulnerabilities
Nearly two in three cyber network burglaries have exploited previously stolen credentials or known software vulnerabilities, a new report from IBM’s threat intelligence unit found.
That means cyber crooks rely more on what they already know or have on hand and less on trickery to gain network access, IBM’s X-Force Threat Intelligence Index 2020 said. It’s an example of how hacking techniques have evolved after decades of access to tens of billions of corporate and personal records and hundreds of thousands of software flaws, IBM said. Three initial attack vectors have fueled how cyber crews have evolved, the vendor said:
Less phishing, more pouncing on network security flaws, more use of stolen credentials:
- While phishing accounted for half of all successful initial infection vectors in 2018, it generated only 31 percent in 2019.
- Scanning and exploitation of vulnerabilities resulted in 30 percent of incidents IBM observed, compared to just 8 percent in 2018. As a case in point, known vulnerabilities in Microsoft Office and Windows Server Message Block were still accounting for high rates of exploitation in 2019.
- In 2019, more than 8.5 billion records were compromised, resulting in a 200 percent increase in exposed data reported year over year, adding to the growing number of stolen credentials that cyber criminals can use as source material.
Here are some of the report’s key findings:
- Of some 8.5 billion breached records reported in 2019, seven billion of those, or over 85 percent, were tied to misconfigured cloud servers and other improperly configured systems.
- Novel code used by banking trojans and ransomware topped the charts compared to other malware variants.
- Tech, social media and content streaming household brands, including Apple, Google and YouTube, make up the top 10 spoofed brands that cyber attackers are impersonating in phishing attempts.
- More than 100 U.S. government entities were impacted by ransomware attacks last year, with significant attacks against retail, manufacturing and transportation.
- New malware code was observed in 45 percent of banking trojans and 36 percent of ransomware attacks.
- TrickBot is the most active financial malware, suspected of deploying Ryuk on enterprise networks. Other banking trojans, such as QakBot, GootKit and Dridex, are also diversifying to ransomware variants.
- Phishing attackers are impersonating consumer tech brands, using tech, social media and content streaming companies to trick users into clicking malicious links in phishing attempts.
Additional key findings in the report include:
- Retail and financial services were the most attacked industries in 2019. Magecart impacted some 80 e-commerce sites in the summer of 2019.
- Cyber criminals are coveting consumers’ personally identifiable information, payment card data and in some cases loyalty program information.
- Operational technology (OT) attacks increased by 2000 percent year over year with more hits on industrial control systems and OT infrastructure than any of the prior three years.
- North America and Asia reported the highest data losses over the past year at 5 billion and 2 billion records exposed, respectively.
“The amount of exposed records that we’re seeing today means that cyber criminals are getting their hands on more keys to our homes and businesses,” said Wendi Whitmore, IBM X-Force Threat Intelligence vice president. “Attackers won’t need to invest time to devise sophisticated ways into a business; they can deploy their attacks simply by using known entities, such as logging in with stolen credentials,” she said. “Protection measures, such as multi-factor authentication and single sign-on, are important for the cyber resilience of organizations and the protection and privacy of user data.”