Today we released the IBM X-Force Threat Intelligence Report. In 2015, organized crime groups really stepped up their game by focusing on higher-value records such as health-related personally identifiable information (PII) and other types of sensitive data to exceed initial forecasts for the year.

To say it was an exciting year would be understatement! Cybercrime had an epic year, with criminals chasing opportunities everywhere — and affecting everyone.

Cybercriminals’ Targets Are Bigger, and Their Rewards Greater

The demand for leaked data is trending toward higher-value records such as health-related PII and other sensitive data, with less emphasis on the emails, passwords and even credit card data that were the targets of years past. We see this in both the breach trends and the evolution of malware to target high-value bank accounts.

Read the complete 2016 IBM X-Force Threat Intelligence Report

The top 10 list of malware code listed in the figure below reveals that cybercrime is no longer the domain of amateurs. While lone attackers and small factions continue to use the Zeus code for their fraud attempts, the more impactful cybercrime is without a doubt the domain of organized gangs.

Breaches Without Borders and the Sophistication of Attack Techniques

News of breaches are being reported more widely around the world. This is reflected not only in the volume of incidents reported publicly, but also new government regulations requiring disclosure, such as those the Netherlands has implemented.

In 2015, there were notable breaches reported in Canada, Australia, the U.K., France, Turkey and Japan.

Malware, too, has continued to move around the globe, with Shifu jumping from Japan to the U.K., and Dyre making appearances in Spain and Australia.

In the report, we talk more about these leaps and others as being indicative of the increasing sophistication and organization of attackers since they require more than simple changes to configuration files.

Mobile Malware’s Quantum Leap

In the world of mobile devices, we see malware making a quantum leap with overlay malware. This involves Trojans implementing a convincing social engineering effort to fool users into divulging payment login details, online banking credentials and payment card details right from their device. The malware is often bundled with spyware, turning it into a one-stop fraud shop.

X-Force Report Underscores a Continued Need for Security Basics

Vulnerability news was more of the same: The second half of 2015 saw an increase in disclosed vulnerabilities for a total of just under 9,000. This represents the highest number of vulnerabilities the X-Force team has seen and recorded in our database.

In our experiences working with clients and prospects, X-Force has seen that many organizations do not sufficiently monitor published vulnerabilities that may affect the technology protecting their data. As a result, they may be ignorant of the risk and impacts of a data breach. There are common reasons, however, why organizations are in the dark about these exposures and risks, including:

  • They are not aware of all the sources of their data because they lack an asset inventory.
  • They don’t understand how critical their vulnerabilities are or the danger they pose to effectively supporting and growing the business.
  • They intend to do a vulnerability scan to identify risks and remediate vulnerabilities, but because they don’t understand the depth of the risks they face, they never get around to taking action.

With so much happening at once, there is renewed emphasis for security basics surrounding risk assessment and patching of vulnerabilities, protecting databases and implementing mitigating controls so that every organization can better handle risks.

Download the full 2016 IBM X-Force Threat Intelligence Report

More from Threat Intelligence

Charles Henderson’s Cybersecurity Awareness Month Content Roundup

In some parts of the world during October, we have Halloween, which conjures the specter of imagined monsters lurking in the dark. Simultaneously, October is Cybersecurity Awareness Month, which evokes the specter of threats lurking behind our screens. Bombarded with horror stories about data breaches, ransomware, and malware, everyone’s suddenly in the latest cybersecurity trends and data, and the intricacies of their organization’s incident response plan. What does all this fear and uncertainty stem from? It’s the unknowns. Who might…

Old Habits Die Hard: New Report Finds Businesses Still Introducing Security Risk into Cloud Environments

While cloud computing and its many forms (private, public, hybrid cloud or multi-cloud environments) have become ubiquitous with innovation and growth over the past decade, cybercriminals have closely watched the migration and introduced innovations of their own to exploit the platforms. Most of these exploits are based on poor configurations and human error. New IBM Security X-Force data reveals that many cloud-adopting businesses are falling behind on basic security best practices, introducing more risk to their organizations. Shedding light on…

Raspberry Robin and Dridex: Two Birds of a Feather

IBM Security Managed Detection and Response (MDR) observations coupled with IBM Security X-Force malware research sheds additional light on the mysterious objectives of the operators behind the Raspberry Robin worm. Based on a comparative analysis between a downloaded Raspberry Robin DLL and a Dridex malware loader, the results show that they are similar in structure and functionality. Thus, IBM Security research draws another link between the Raspberry Robin infections and the Russia-based cybercriminal group 'Evil Corp,' which is the same…

From Ramnit To Bumblebee (via NeverQuest): Similarities and Code Overlap Shed Light On Relationships Between Malware Developers

A comparative analysis performed by IBM Security X-Force uncovered evidence that suggests Bumblebee malware, which first appeared in the wild last year, was likely developed directly from source code associated with the Ramnit banking trojan. This newly discovered connection is particularly interesting as campaign activity has so far linked Bumblebee to affiliates of the threat group ITG23 (aka the Trickbot/Conti group), who are not known to have had a previous connection with Ramnit. This year has so far proven tumultuous…