IBM security experts X-Force have released their “Threat Intelligence Index” for 2019. It once again reveals that a large portion of attacks are conducted by means of phishing emails.
More precisely, nearly a third (29 percent) of the cyber attacks analyzed by X-Force IRIS employed phishing as their vector of attack. Just fewer than a half (45 percent) of those, in turn, contained attempts at fraud by way of Business Email Compromise (BEC), also known as CEO Fraud or Whaling.
Another insight: 27 percent of phishing attacks registered by IBM, including those attempting BEC, targeted Microsoft Office 365 users, whose Exchange Online email server is located in the cloud. These email accounts were often compromised by way of web access. An attacker typically sends a message from a 365 account, inviting the recipient to edit a file stored on SharePoint. When trying to open the document, the victim is then presented with a fake OneDrive log-in screen. With the credentials duly nicked, the attacker is now free to take over the account and send emails looking absolutely legitimate to the victim’s supply chain, for instance instructing customers to make large bank transfers to an unusual bank account.
Both of these trends underline the necessity to safeguard corporate emails optimally against so-called advanced threats. This also applies to Office 365, which already provides some security mechanisms, depending on the respective plan. It moreover makes sense to separate person-to-person email traffic from transactional emails and mass marketing messages. This is precisely what Retarus Email Security, Retarus Transactional Email (formerly «Email for Applications») as well as the new tailor-made packages offered by Retarus Email Enterprise Extensions for O365 make possible.
Other eye-opening insights from 2019’s Threat Intelligence Index: Providers of financial services and insurers (19 percent of all attacks) are most likely to be subject to digital attacks, followed by transport companies (13 percent). Cyber crooks increasingly ply their trade by “living off the land”, using powerful system networking tools such as PowerShell or WMIC. Only recently the weapon of choice was ransomware, but the current trend in malware shows a shift towards coin mining, in which infected computers are abused for “cryptojacking” purposes, to surreptitiously mine crypto-currencies for the attackers.
The number of incidents in which incorrectly configured systems played a role, rose by 20 percent in a year-on-year comparison, IBM go on to say. The biggest spreader of malware was still the “Necurs” botnet in 2018. As regards banking trojans, “TrickBot” and a number of new variations on the malware were the most active. Companies were especially taken for a ride by the processor vulnerabilities known as “Spectre” and “Meltdown”. The highest number of C&C (Command and Control) servers used for controlling malware were located in the USA, while the most spam – no less than 40 percent – came from China. The full 36-page report is available for download from IBM upon registration. There is also an animated infographic illustrating the key outcomes.