The X-Force Threat Intelligence Index 2023 from IBM Security shows that 2022 was a tumultuous year for cybersecurity.
The report tracking new and existing trends and attack patterns tapping the company’s 2022 research data, and nearly 30 years’ worth of data from its vulnerability database, shows that threat actors sought to extort money from companies in 27 per cent of cases that X-Force remediated in 2022. The deployment of backdoors occurred in 21 per cent of reported incidents and ransomware incidents declined from 21 per cent in 2021 to 17 per cent in 2022, thanks in part to successful intervention by security teams and incident responders.
They add that two-thirds of those backdoor cases identified had the markings of a ransomware attack. After gaining access, they say brokers typically attempt to auction their access, selling access for as low as $2,000 USD. The increased speed of ransomware attacks is also notable: “What took attackers over two months in 2019 took just under four days in 2021,” the report states.
They say phishing was the top initial access vector identified in 41 per cent of incidents, followed by exploitation of public facing applications in 26 per cent of cases. Interestingly, credit card information was sought in only 29 per cent of phishing kits in 2022, a 52 per cent decline. “Lower instances of phishing kits seeking credit card data indicate that phishers are prioritizing personally identifiable information which allows them broader and more nefarious options.”
The report also includes a look at top spoofed brands, vulnerabilities in depth, at business email compromise, cyberwarfare, the malware landscape and the evolution of malware delivery, geographic trends and industry trends.
It also dedicates a great deal of analysis to the problem of extortion and the evolving tactics threat actors are using. They say at least one ransomware group experimented with making the data they’d stolen available to second level victims. “In 2023, X-Force expects to see threat actors experimenting with enhanced or novel downstream victim notification to increase the potential legal and reputational costs of an intrusion,” they write, adding that new ways to pressure victims into paying continue to evolve even further.
Broken down by industry and geography, they say the United States accounted for 80 per cent of North America’s attacks, compared to Canada’s 20 per cent. Finance and insurance, which gave up the top spot as the most targeted industries for five consecutive years until 2021, made up 18.9 per cent of all attacks in 2022, down from 22.4 per cent in 2021 and 23 per cent in 2020. In finance and insurance backdoor attacks were the most commonly observed action, followed by ransomware and malware-infected documents at 11 per cent each. “Spear-phishing” attachments – those which appear to be sent from known or trusted senders – were used in 53 per cent of attacks against the sector.
