More than 8.5 billion records were compromised during 2019— resulting in a 200 per cent increase in exposed data reported year-over-year, according to a new report from IBM.
The end result is significant growth in the number of stolen credentials that cybercriminals can use as their source material.
IBM Security released its annual X-Force Threat Intelligence Index overnight, highlighting how cybercriminals’ techniques have evolved after decades of access to tens of billions of corporate and personal records and hundreds of thousands of software flaws, as 2019 became a year of old threats being used in new ways.
The report reveals attackers rely less on deception to gain access with 60 per cent of initial entries into victims’ networks leveraging either previously stolen credentials or known software vulnerabilities.
Phishing, while on the decline last year, remained in the top three initial attack vectors accounting for 31 per cent of incidents observed, compared to half in 2018.
The decrease in phishing may be attributed to cybercriminals increasingly using previously stolen credentials as a preferred point-of-entry in 29 per cent of observed incidents.
“Attackers won’t need to invest time to devise sophisticated ways into a business; they can deploy their attacks simply by using known entities, such as logging in with stolen credentials,” said Wendi Whitmore, vice president, IBM X-Force Threat Intelligence.
“The amount of exposed records that we see today means that cybercriminals are getting their hands on more keys to our homes and businesses,” she said.
The report found that the inadvertent insider is largely responsible for this significant rise in comprised data. Records exposed due to misconfigured servers — including publicly accessible cloud storage, unsecured cloud databases, and improperly secured rsync backups, or open internet-connected network area storage devices — accounted for 86 per cent of the records compromised in 2019.
Whitmore said organisations can mitigate exposed data risk through protection measures, such as multi-factor authentication and single sign-on, which are essential for the organisation-wide cyber resilience and the protection and privacy of user data.
Scanning and exploitation of vulnerabilities resulted in 30 per cent of observed incidents, compared to just 8 per cent in 2018, with known vulnerabilities in Microsoft Office and Windows Server Message Block still highly exploited in 2019, the report showed.
The IBM X-Force team said 150,000 vulnerabilities have been publicly disclosed, thus giving threat actors many scan-and-exploit choices to gain initial network access without having to expend resources to craft new cyber attack methods.
The report emphasised cyber adversaries are increasingly banking on organisations not keeping up-to-date with their patch application, even for vulnerabilities where patches have been available for some time. The report cited WannaCry infections continue to be observed for more than two years since the initial infection, despite the patch (MS17-010) becoming widely available.
At 31 per cent, phishing was the most frequent vector used for initial access in 2019, the reported stated, with technology and social media platforms the most commonly spoofed brands in phishing campaigns.
The report noted targeting social media or content streaming sites, such as Instagram and Spotify, may not provide threat actors with readily monetisable data, like stealing Google or Amazon accounts. However, threat actors are relying on individuals re-using their passwords between accounts and services and use these harvested credentials to gain access to more valuable accounts held by the same user, the report explained.
The IBM X-Force data showed imitated domains can be difficult for users to visually discern as authentic-looking fake sites can entice a user to divulge personal data on a malicious website if it resembles the original closely enough.
Due to phishing prevalence as an attack vector, IBM security recommends organisations have a solution in place to detect and block spoofed domains, such as Quad9 — a free DNS platform that protects users against known malicious domains by preventing their computers and IoT devices from connecting to malware or phishing sites.
The report warns risk surface will continue to grow in 2020, with more than 150,000 current vulnerabilities and new ones reported regularly. By leveraging threat intelligence to understand threat actor motivations better and tactics, building and training an incident response team and stress testing incident response plans; an organisation may be able to prioritise better security resources and mitigate some of the relevant risks they could face in the future, the report said.