IBM: Hackers continue to exploit old weaknesses


Tens of billions of stolen records that include personal information, and some 150,000 software weaknesses detected to date, have led to a change in hackers' practices, the IBM X-Force Cyber Threats Report for 2020 shows. Attackers increasingly rely on previously stolen information available for purchase on the dark web, or on known software weaknesses, information about which is also available for purchase.

For example, phishing attacks, which in 2018 were the preferred mode of action in about half of the attacks, dropped to less than a third (31%) of the attacks last year. About 30 percent of the incidents seen last year involved exploitation of software weaknesses, up from 8 percent in 2018. Old and well-known weaknesses in the Microsoft Office suite of applications and in Windows Server Message Block continued to be exploited at alarming rates in 2019. Using stolen credentials was the preferred avenue of attack in 29% of cases last year.

In 2019 alone, more than 8.5 billion records were leaked, a 200% year-over-year increase in exposed data. This is a significant risk to businesses, given that most rely on passwords as the primary means of identity verification. What's more, an EMA-funded EMA study found that 39% of employees use the same password on multiple accounts and 28% do not reset their password regularly. These challenges become even more severe as more and more stolen credentials flood the dark web and help attackers expand the scope of their attacks.

“The sheer volume of records revealed indicates that cyber criminals can easily get their hands on the ‘keys to our homes and businesses’. They don’t even have to spend time and effort searching for sophisticated ways to break into the business. They just surf the net and use assault tools with stolen privileges,” said Wendy Whitmore, vice president responsible for IBM X-Force’s cyber intelligence report. “Today, more than ever, safeguards such as multi-factor authentication and single sign-on are essential to ensure enterprise resilience in cyber attacks.”

The IBM X-Force report is based on insights from ongoing monitoring of 70 billion daily security events in more than 130 countries. In addition, data is collected from a variety of sources and analyzed through IBM managed security services and publicly released breach data. IBM X-Force also runs thousands of spam traps around the world and tracks tens of millions of spam and phishing attacks every day, while analyzing billions of web pages to identify fraudulent activity and business exploitation.

Trust in brands like Google, Apple and Amazon is used for successful phishing attacks

Another notable trend emerging from the report shows that phishing attacks are taking advantage of consumer confidence in the biggest and best-known technology brands.

At the top of the “top ten” brands whose identity was forged by cybercriminals for phishing attacks were Google, YouTube, Apple and Amazon. Facebook, Instagram and Netflix also reached the “top ten”, but at a significantly lower rate. This may be because these services do not directly hold data that can be monetized. The “top ten” sites hold close to 10 billion user accounts, a highly enticing repository for attackers, and thus increase the likelihood that an innocent user will click on a seemingly legitimate link to a spoofed site.

Because attackers often bet on credential reuse to break into accounts at scale, the report’s authors believe that password reuse is what made these brands a preferred target. IBM’s Future of Identity Survey found that 51% of millennials use the same password again and again, while Generation Z has only five passwords, indicating a higher rate of reuse.

Download the report: https://ibm.biz/downloadxforcethreatindex



Source link
https://www.israeldefense.co.il/he/node/41958
