IBM X-Force: Phishing Down, Credential Attacks Up in 2019


Phishing as a successful, initial infection vector was reported in less than a third of cyber incidents (31%) against businesses in 2019, compared to half in 2018, but scanning and exploitation of vulnerabilities accounted for 30% of observed incidents, compared to just 8% a year before.

That’s according to IBM Security’s “IBM X-Force Threat Intelligence Index 2020” report, which also saw the use of previously stolen credentials used as a preferred point-of-entry 29% of the time in observed incidents, resulting in a 200% increase in exposed data reported year over year.

The report, which details how cybercriminals’ techniques evolve every year, show cyberattacks are increasingly relying less on deception, and more on going after vulnerabilities, whether that be with credentials or system issues.

“The amount of exposed records that we’re seeing today means that cybercriminals are getting their hands on more keys to our homes and businesses. Attackers won’t need to invest time to devise sophisticated ways into a business; they can deploy their attacks simply by using known entities, such as logging in with stolen credentials,” said Wendi Whitmore, VP of IBM X-Force Threat Intelligence. “Protection measures, such as multi-factor authentication and single sign-on, are important for the cyber resilience of organizations and the protection and privacy of user data.”

The study’s results are based on observations from monitoring approximately 70 billion security events per day across more than 130 countries, using data gathered and analyzed from multiple sources, including X-Force IRIS, X-Force Red, IBM Managed Security Services and publicly disclosed data breaches.

IBM Security found that of the more than 8.5 billion breached records reported last year, seven billion were due to misconfigured cloud servers and other improperly configured systems. Meanwhile, the report also saw an uptick in cyber criminals spoofing tech and social media companies in phishing schemes, thanks partly due to consumers being less likely to fall victim to phishing emails.

Nearly 60% of the top 10 spoofed brands in 2019 were Google and YouTube domains, with Apple (15%) and Amazon (12%) domains also widely spoofed, all with the goal of stealing users’ data. Facebook, Instagram and Netflix also made the list of top 10 spoofed brands observed.

To download a copy of the “IBM X-Force Threat Intelligence Index 2020,” click here.