2016 IBM X-Force Report: Breaches Without Borders and Tales From the Cybercrime Underground
Today we released the IBM X-Force Threat Intelligence Report. In 2015, organized crime groups really stepped up their game by focusing on higher-value records such as health-related personally identifiable information (PII) and other types of sensitive data to exceed initial forecasts for the year.
To say it was an exciting year would be understatement! Cybercrime had an epic year, with criminals chasing opportunities everywhere — and affecting everyone.
Cybercriminals’ Targets Are Bigger, and Their Rewards Greater
The demand for leaked data is trending toward higher-value records such as health-related PII and other sensitive data, with less emphasis on the emails, passwords and even credit card data that were the targets of years past. We see this in both the breach trends and the evolution of malware to target high-value bank accounts.
The top 10 list of malware code listed in the figure below reveals that cybercrime is no longer the domain of amateurs. While lone attackers and small factions continue to use the Zeus code for their fraud attempts, the more impactful cybercrime is without a doubt the domain of organized gangs.
Breaches Without Borders and the Sophistication of Attack Techniques
News of breaches are being reported more widely around the world. This is reflected not only in the volume of incidents reported publicly, but also new government regulations requiring disclosure, such as those the Netherlands has implemented.
In 2015, there were notable breaches reported in Canada, Australia, the U.K., France, Turkey and Japan.
Malware, too, has continued to move around the globe, with Shifu jumping from Japan to the U.K., and Dyre making appearances in Spain and Australia.
In the report, we talk more about these leaps and others as being indicative of the increasing sophistication and organization of attackers since they require more than simple changes to configuration files.
Mobile Malware’s Quantum Leap
In the world of mobile devices, we see malware making a quantum leap with overlay malware. This involves Trojans implementing a convincing social engineering effort to fool users into divulging payment login details, online banking credentials and payment card details right from their device. The malware is often bundled with spyware, turning it into a one-stop fraud shop.
X-Force Report Underscores a Continued Need for Security Basics
Vulnerability news was more of the same: The second half of 2015 saw an increase in disclosed vulnerabilities for a total of just under 9,000. This represents the highest number of vulnerabilities the X-Force team has seen and recorded in our database.
In our experiences working with clients and prospects, X-Force has seen that many organizations do not sufficiently monitor published vulnerabilities that may affect the technology protecting their data. As a result, they may be ignorant of the risk and impacts of a data breach. There are common reasons, however, why organizations are in the dark about these exposures and risks, including:
- They are not aware of all the sources of their data because they lack an asset inventory.
- They don’t understand how critical their vulnerabilities are or the danger they pose to effectively supporting and growing the business.
- They intend to do a vulnerability scan to identify risks and remediate vulnerabilities, but because they don’t understand the depth of the risks they face, they never get around to taking action.
With so much happening at once, there is renewed emphasis for security basics surrounding risk assessment and patching of vulnerabilities, protecting databases and implementing mitigating controls so that every organization can better handle risks.