Three in every five observed initial entries into cybercrime victims’ networks leveraged either previously stolen credentials or known software vulnerabilities, allowing attackers to rely less on deception to gain access, the IBM X-Force Threat Intelligence Index 2020 shows.
Asia trailed North America as the most targeted region, experiencing the highest number of observed attacks as well as suffering the largest reported data losses over the past year, at over 5 billion and 2 billion records exposed, respectively.
The report identified the top three initial attack vectors. First was phishing, which was seen in almost one-third (31%) of incidents, compared to half in 2018.
Second, scanning and exploitation of vulnerabilities resulted in 30% of observed incidents, compared to just 8% in 2018. In 2019, older, known vulnerabilities in Microsoft Office and Windows Server Message Block were still finding high rates of exploitation.
And third, the use of previously stolen credentials is also gaining ground as a preferred point of entry, seen 29% of the time in observed incidents.
In 2019 alone, the report states, more than 8.5 billion records were compromised, resulting in a 200% increase in exposed data reported year over year and adding to the growing number of stolen credentials that cybercriminals can use as their source material.
Wendi Whitmore, VP of IBM X-Force Threat Intelligence, said the amount of exposed records that are being seen means that cybercriminals are getting their hands on more keys to homes and businesses.
“Attackers won’t need to invest time to devise sophisticated ways into a business; they can deploy their attacks simply by using known entities, such as logging in with stolen credentials,” said Whitmore.
“Protection measures, such as multi-factor authentication and single sign-on, are important for the cyber resilience of organisations and the protection and privacy of user data,” she said.
IBM’s analysis found that of the more than 8.5 billion breached records reported in 2019, seven billion (over 85%) were due to misconfigured cloud servers and other improperly configured systems.
The report found that tech, social media and content streaming household brands make up the Top 10 spoofed brands that cyber attackers are impersonating in phishing attempts. Top brands used in squatting schemes include Google, YouTube and Apple.