IBM on the state of network security: Abysmal

IBM says cybercriminals are starting to grab unstructured data, spam has rebloomed 400% and ransomware has just gone nuts


The state of online security is darn dreadful. At least if you look at the results from IBM Security’s 2017 IBM X-Force Threat Intelligence Index released today, which contains myriad depressing nuggets such as:

  • The number of records compromised grew a historic 566% in 2016 from 600 million to more than 4 billion -- more than the combined total from the two previous years.
  • In one case, a single source leaked more than 1.5 billion records [see Yahoo breach].
  • In the first three months of 2016, the FBI estimated cybercriminals were paid a reported $209 million via ransomware. This would put criminals on pace to make nearly $1 billion from their use of the malware just last year.
  • In 2016, many significant breaches involved unstructured data such as email archives, business documents, intellectual property and source code.
  • The most popular types of malcode we observed in 2016 were Android malware, banking Trojans, ransomware offerings and DDoS-as-a-service vendors. Since DDoS tools are mostly sold as a service and not as malware per se, we will focus here on banking Trojans, Android malware and ransomware.
  • In December 2016, a malware developer with an ongoing banking Trojan project showed up in underground forums, aspiring to sell some licenses as he worked on completing the development of all its modules. The actor promised to deliver future capabilities, such as a Socket Secure (SOCKS) proxy and hidden virtual network computing, alongside technical support and free bug fixes. The malware was named Nuclear Bot, or NukeBot, at the time. IBM wrote that while it has yet to see NukeBot/Micro Bot active in the wild, analyses performed by X-Force and other vendors found that it has the potential to rise in 2017 and bring back commercial Trojan sales in the underground.
  • In 2015, Healthcare was the most attacked industry, with Financial Services falling to third; in 2016, however, attackers refocused on Financial Services.

IBM did note that while the healthcare industry continued to be beleaguered by a high number of incidents, attackers hit smaller targets, resulting in a lower number of leaked records. In 2016, only 12 million records were compromised in healthcare, keeping it out of the top 5 most-breached industries. For perspective, nearly 100 million healthcare records were compromised in 2015, making 2016 an 88% drop, IBM stated.

“With Internet-shattering distributed-denial-of-service (DDoS) attacks, troves of records leaked through data breaches, and a renewed focus by organized cybercrime on business targets, 2016 was a defining year for security. Indeed, in 2016 more than 4 billion records were leaked, more than the combined total from the two previous years, redefining the meaning of the term ‘mega breach.’ In one case, a single source leaked more than 1.5 billion records,” IBM wrote.

“While the volume of records compromised last year reached historic highs, we see this shift to unstructured data as a seminal moment. The value of structured data to cybercriminals is beginning to wane as the supply outstrips the demand. Unstructured data is big-game hunting for hackers and we expect to see them monetize it this year in new ways,” said Caleb Barlow, Vice President of Threat Intelligence, IBM Security.

The IBM X-Force Threat Intelligence Index draws on data from more than 8,000 security clients in 100 countries, along with data derived from non-customer assets such as spam sensors and honeynets, collected in 2016. IBM X-Force runs network traps around the world and monitors more than eight million spam and phishing attacks daily while analyzing more than 37 billion web pages and images.

Copyright © 2017 IDG Communications, Inc.