Today we released the IBM X-Force Threat Intelligence Report. In 2015, organized crime groups really stepped up their game by focusing on higher-value records such as health-related personally identifiable information (PII) and other types of sensitive data to exceed initial forecasts for the year.

To say it was an exciting year would be understatement! Cybercrime had an epic year, with criminals chasing opportunities everywhere — and affecting everyone.

Cybercriminals’ Targets Are Bigger, and Their Rewards Greater

The demand for leaked data is trending toward higher-value records such as health-related PII and other sensitive data, with less emphasis on the emails, passwords and even credit card data that were the targets of years past. We see this in both the breach trends and the evolution of malware to target high-value bank accounts.

Read the complete 2016 IBM X-Force Threat Intelligence Report

The top 10 list of malware code listed in the figure below reveals that cybercrime is no longer the domain of amateurs. While lone attackers and small factions continue to use the Zeus code for their fraud attempts, the more impactful cybercrime is without a doubt the domain of organized gangs.

Breaches Without Borders and the Sophistication of Attack Techniques

News of breaches are being reported more widely around the world. This is reflected not only in the volume of incidents reported publicly, but also new government regulations requiring disclosure, such as those the Netherlands has implemented.

In 2015, there were notable breaches reported in Canada, Australia, the U.K., France, Turkey and Japan.

Malware, too, has continued to move around the globe, with Shifu jumping from Japan to the U.K., and Dyre making appearances in Spain and Australia.

In the report, we talk more about these leaps and others as being indicative of the increasing sophistication and organization of attackers since they require more than simple changes to configuration files.

Mobile Malware’s Quantum Leap

In the world of mobile devices, we see malware making a quantum leap with overlay malware. This involves Trojans implementing a convincing social engineering effort to fool users into divulging payment login details, online banking credentials and payment card details right from their device. The malware is often bundled with spyware, turning it into a one-stop fraud shop.

X-Force Report Underscores a Continued Need for Security Basics

Vulnerability news was more of the same: The second half of 2015 saw an increase in disclosed vulnerabilities for a total of just under 9,000. This represents the highest number of vulnerabilities the X-Force team has seen and recorded in our database.

In our experiences working with clients and prospects, X-Force has seen that many organizations do not sufficiently monitor published vulnerabilities that may affect the technology protecting their data. As a result, they may be ignorant of the risk and impacts of a data breach. There are common reasons, however, why organizations are in the dark about these exposures and risks, including:

  • They are not aware of all the sources of their data because they lack an asset inventory.
  • They don’t understand how critical their vulnerabilities are or the danger they pose to effectively supporting and growing the business.
  • They intend to do a vulnerability scan to identify risks and remediate vulnerabilities, but because they don’t understand the depth of the risks they face, they never get around to taking action.

With so much happening at once, there is renewed emphasis for security basics surrounding risk assessment and patching of vulnerabilities, protecting databases and implementing mitigating controls so that every organization can better handle risks.

Download the full 2016 IBM X-Force Threat Intelligence Report

more from Threat Intelligence

Hive0117 Continues Fileless Malware Delivery in Eastern Europe

Through continued research into the ongoing cyber activity throughout Eastern Europe, IBM Security X-Force identified a phishing email campaign by Hive0117, likely a financially motivated cybercriminal group, from February 2022, designed to deliver the fileless malware variant dubbed DarkWatchman. The campaign masquerades as official communications from the Russian Government’s Federal Bailiffs Service, the Russian-language emails […]