IBM has released its 2019 X-Force Threat Intelligence Index.
The report provides an in-depth look at the current state of cybersecurity threats. It also offers organizations best practices for how to protect themselves against current fraudster tactics.
The report discusses developments in:
- 2018’s most targeted industries
- IOT and IIOT attacks
- Hardware vulnerabilities
- Malicious domains
- Threat mitigation
One key takeaway is the movement away from malware-based attacks in favor of direct attacks on operating system tools.
Phishing Attacks Ascendant
The report states phishing attacks were nearly one-third of all attacks in 2018. Within that category, the most significant threat was business email compromise (BEC):
- BEC – 36%
- Basic phishing attacks – 36%
- Office 365 compromise – 18%
- Mix of BEC and Office 365 Mix – 9%
Speaking about the importance of the BEC threat specifically, the report explains:
When it comes to the most lucrative types of social engineering scams, BEC has been a growing tide for several years spanning all industries and geographies. BEC scams purport to originate from an owner or CEO or a high-ranking em-ployee. They are sent to those who control the company’s bank accounts with instructions to execute a confidential wire transfer. The transfer ends up in accounts the criminals control. The FBI reports that BEC fraud has been growing rapidly in the US and across the globe, having cost organizations $12.5 billion at last count.
Malware, Spam, and Botnets
The report also discusses the prevalence of malware spread by spam in 2018, especially the use of Necurs, delivered via spam emails, by organized cyber crime gangs.
“With very few exceptions, all major malware campaigns in 2018 were distributed by Necurs,” the report states “Especially those perpetrated by major cybercrime gangs or the operators of ransomware or banking Trojans”.
The topics in the emails delivering Necurs included “Swiss Coin Promotion”, Dating, and “Chinese Email Harvesting”.
The report also gives targeted attention to malware in the financial sector specifically, and provides a breakdown of the most prevalent malware attacks, as well as tips on how to defend against them. Malware discussed includes Trickbot, Gozi, and Ramnit.