Today we released the IBM X-Force Threat Intelligence Report. In 2015, organized crime groups really stepped up their game by focusing on higher-value records such as health-related personally identifiable information (PII) and other types of sensitive data to exceed initial forecasts for the year.

To say it was an exciting year would be understatement! Cybercrime had an epic year, with criminals chasing opportunities everywhere — and affecting everyone.

Cybercriminals’ Targets Are Bigger, and Their Rewards Greater

The demand for leaked data is trending toward higher-value records such as health-related PII and other sensitive data, with less emphasis on the emails, passwords and even credit card data that were the targets of years past. We see this in both the breach trends and the evolution of malware to target high-value bank accounts.

Read the complete 2016 IBM X-Force Threat Intelligence Report

The top 10 list of malware code listed in the figure below reveals that cybercrime is no longer the domain of amateurs. While lone attackers and small factions continue to use the Zeus code for their fraud attempts, the more impactful cybercrime is without a doubt the domain of organized gangs.

Breaches Without Borders and the Sophistication of Attack Techniques

News of breaches are being reported more widely around the world. This is reflected not only in the volume of incidents reported publicly, but also new government regulations requiring disclosure, such as those the Netherlands has implemented.

In 2015, there were notable breaches reported in Canada, Australia, the U.K., France, Turkey and Japan.

Malware, too, has continued to move around the globe, with Shifu jumping from Japan to the U.K., and Dyre making appearances in Spain and Australia.

In the report, we talk more about these leaps and others as being indicative of the increasing sophistication and organization of attackers since they require more than simple changes to configuration files.

Mobile Malware’s Quantum Leap

In the world of mobile devices, we see malware making a quantum leap with overlay malware. This involves Trojans implementing a convincing social engineering effort to fool users into divulging payment login details, online banking credentials and payment card details right from their device. The malware is often bundled with spyware, turning it into a one-stop fraud shop.

X-Force Report Underscores a Continued Need for Security Basics

Vulnerability news was more of the same: The second half of 2015 saw an increase in disclosed vulnerabilities for a total of just under 9,000. This represents the highest number of vulnerabilities the X-Force team has seen and recorded in our database.

In our experiences working with clients and prospects, X-Force has seen that many organizations do not sufficiently monitor published vulnerabilities that may affect the technology protecting their data. As a result, they may be ignorant of the risk and impacts of a data breach. There are common reasons, however, why organizations are in the dark about these exposures and risks, including:

  • They are not aware of all the sources of their data because they lack an asset inventory.
  • They don’t understand how critical their vulnerabilities are or the danger they pose to effectively supporting and growing the business.
  • They intend to do a vulnerability scan to identify risks and remediate vulnerabilities, but because they don’t understand the depth of the risks they face, they never get around to taking action.

With so much happening at once, there is renewed emphasis for security basics surrounding risk assessment and patching of vulnerabilities, protecting databases and implementing mitigating controls so that every organization can better handle risks.

Download the full 2016 IBM X-Force Threat Intelligence Report

More from Threat Intelligence

ITG10 Likely Targeting South Korean Entities of Interest to the Democratic People’s Republic of Korea (DPRK)

7 min read - In late April 2023, IBM Security X-Force uncovered documents that are most likely part of a phishing campaign mimicking credible senders, orchestrated by a group X-Force refers to as ITG10, and aimed at delivering RokRAT malware, similar to what has been observed by others. ITG10's tactics, techniques and procedures (TTPs) overlap with APT37 and ScarCruft. The initial delivery method is conducted via a LNK file, which drops two Windows shortcut files containing obfuscated PowerShell scripts in charge of downloading a…

7 min read

Expert Insights on the X-Force Threat Intelligence Index

5 min read - Top insights are in from this year’s IBM Security X-Force Threat Intelligence Index, but what do they mean? Three IBM Security X-Force experts share their thoughts on the implications of the most pressing cybersecurity threats, and offer guidance for what organizations can do to better protect themselves. Moving Left of Boom: Early Backdoor Detection Andy Piazza, Global Head of Threat Intelligence at IBM Security X-Force, sat down with Security Intelligence to chat with us about the rise in the deployment…

5 min read

Ex-Conti and FIN7 Actors Collaborate with New Backdoor

15 min read -   April 27, 2023 Update This article is being republished with modifications from the original that was published on April 14, 2023, to change the name of the family of malware from Domino to Minodo. This is being done to avoid any possible confusion with the HCL Domino brand. The family of malware that is described in this article is unrelated to, does not impact, nor uses HCL Domino or any of its components in any way. The malware is…

15 min read

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

4 min read - Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

4 min read