The majority of initial entries into targeted networks in 2019 relied on either previously stolen credentials or exploited known software vulnerabilities, new research shows.
These two methods accounted for 60 per cent of incidents, meaning attackers relied less on deceiving users during the year, according to the IBM X-Force Threat Intelligence Index 2020.
However, while phishing attempts dropped by roughly 20 per cent compared to 2018 data, phishing was still the most prominent attack method, at 31 per cent of incidents.
Google was the most prominent brand used in phishing attempts, appearing in 39 per cent of incidents. It was followed by YouTube at 17 per cent, Apple at 15 per cent, Amazon at 12 per cent, and Spotify and Netflix, tied at five per cent each.
Scan and exploit attacks were the second most common attack method at 30 per cent, and rose 22 per cent in prominence from 2018.
In third place was the use of stolen credentials at 29 per cent. Compromised records exceeded 8.5 billion in 2019, an increase of 200 per cent in exposed data from 2018.
“The amount of exposed records that we're seeing today means that cyber criminals are getting their hands on more keys to our homes and businesses,” said Wendi Whitmore, vice president of IBM X-Force Threat Intelligence.
“Attackers won't need to invest time to devise sophisticated ways into a business; they can deploy their attacks simply by using known entities, such as logging in with stolen credentials. Protection measures, such as multi-factor authentication and single sign-on, are important for the cyber resilience of organisations and the protection and privacy of user data.”
Ransomware also saw a notable increase with approximately 19 per cent of attacks related to the malware occurring during the first half of 2019, as opposed to 10 per cent the half-year prior. An even larger increase was noticed in Q4 of 2019, which saw a year-on-year rise of 67 per cent.
The most commonly seen ransomware attack method was through vulnerabilities in the Windows Server Message Block (SMB) protocol at over 80 per cent of ransomware attacks. This vulnerability was previously exploited in WannaCry attacks.
“Attacks against vulnerable versions of the SMB protocol can be automated, making this a low-cost option for threat actors to attempt and easier to scale in the quest to affect as many systems as possible in one attack,” the report noted.
“Threat actors also often used commodity downloaders, such as Emotet and TrickBot, to execute ransomware on a targeted system. This technique often leveraged PowerShell to download the malware and spread it using native functions, such as PSExec or Windows Management Instrumentation (WMI), which can be harder to detect.”
The vast majority of exploits in spam emails were sourced from 2017 security flaws that have since been patched: CVE-2017-0199 and CVE-2017-11882. Despite being patched roughly two and a half years ago, these vulnerabilities accounted for nearly 90 per cent of spam-related attacks in 2019.
Looking ahead to 2020, the number of records lost due to breaches and attacks is anticipated to increase, as 2019 saw a fourfold increase in record loss year-on-year.
“Malware use by threat actors continues to fluctuate, with ransomware, cryptominers, and botnets all taking lead at different points in 2019. We expect this trend to continue in 2020, meaning organisations will need to protect themselves against varied threats that change over time,” the index claimed.
“High levels of code innovation for ransomware and cryptominers likely implies these threats will continue to evolve in 2020, necessitating better detection and containment capabilities.
“Spam activity continues unabated, requiring diligent blacklisting, vulnerability patching and threat monitoring by organisations,” it noted.