“Excuse me, are you aware of what’s happening right now? We’re facing 20 billion security events every day. DDoS campaigns, ransomware, malware attacks …” says a woman sternly to an associate in a recently aired commercial featuring Watson and IBM Security. She may have been an actor, but the question and the threats she described plague real-world organizations and their security operations teams daily.

 

The Year of the Mega Breach

IBM X-Force knows the difficulties organizations face when it comes to finding time to step back from day-to-day operations to look at the big security picture. Because of this, they may be left with many unanswered questions, such as:

  • What cybercrime trends have surfaced over the last year?
  • What are the most prevalent mechanisms of attack and what steps do we need to take to mitigate those attacks?
  • Is my industry one of the most targeted in terms of attacks, and is there something to learn from those that have experienced fewer compromises?
  • Are the majority of attacks coming from inside or outside my network? Is the makeup of the insider attacks mostly malicious or inadvertent?

Read the complete IBM X-Force Threat Intelligence Index Now

Fortunately, IBM X-Force takes the guesswork out of assessing the security threat landscape for organizations with the IBM X-Force Threat Intelligence Index. To form assessments regarding the threat landscape, X-Force researchers draw on numerous data sources to include both data from monitored security clients — billions of events per year from more than 8,000 client devices in more than 100 countries — and data derived from noncustomer assets, such as spam sensors and honeynets.

The Big Security Picture

The following key trends point to a continued need to focus on security fundamentals.

  • World-changing leaks: The security landscape was rocked with unprecedented leaks of comprehensive datasets, with over 4 billion compromised records exposed.
  • Tried-and-true methods: Cybercriminals continue to favor older attack methods to gain access to valuable data and resources, including command injection, malware toolkits and ransomware.
  • Decline in attacks: The average IBM monitored security client experienced fewer attacks compared to last year, down 12 percent. But that doesn’t necessarily mean less danger; it could indicate that attackers are relying more on proven attacks, thus requiring fewer strikes.

For a closer look at the full cyberthreat landscape for 2016, download the complete IBM X-Force Threat Intelligence Index 2017.

Read the IBM X-Force Threat Intelligence Index Now

More from Threat Intelligence

Ongoing ITG05 operations leverage evolving malware arsenal in global campaigns

13 min read - Summary As of March 2024, X-Force is tracking multiple ongoing ITG05 phishing campaigns featuring lure documents crafted to imitate authentic documents of government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated documents associated with finance, critical infrastructure, executive engagements, cyber security, maritime security, healthcare, business, and defense industrial production. Beginning in November 2023, X-Force observed…

CVE-2023-20078 technical analysis: Identifying and triggering a command injection vulnerability in Cisco IP phones

7 min read - CVE-2023-20078 catalogs an unauthenticated command injection vulnerability in the web-based management interface of Cisco 6800, 7800, and 8800 Series IP Phones with Multiplatform Firmware installed; however, limited technical analysis is publicly available. This article presents my findings while researching this vulnerability. In the end, the reader should be equipped with the information necessary to understand and trigger this vulnerability.Vulnerability detailsThe following Cisco Security Advisory (Cisco IP Phone 6800, 7800, and 8800 Series Web UI Vulnerabilities - Cisco) details CVE-2023-20078 and…

X-Force data reveals top spam trends, campaigns and senior superlatives in 2023

10 min read - The 2024 IBM X-Force Threat Intelligence Index revealed attackers continued to pivot to evade detection to deliver their malware in 2023. The good news? Security improvements, such as Microsoft blocking macro execution by default starting in 2022 and OneNote embedded files with potentially dangerous extensions by mid-2023, have changed the threat landscape for the better. Improved endpoint detection also likely forced attackers to shift away from other techniques prominent in 2022, such as using disk image files (e.g. ISO) and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today