Ransomware Attacks Decline as Cryptojacking Grows, IBM X-Force Reports | eWeek

Ransomware Attacks Decline as Cryptojacking Grows, IBM X-Force Reports

Threat Intelligence Index
Feb 26, 2019
3 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

While ransomware is still a risk, it’s not the primary attack vector used by hackers to make money, according to IBM.

The 2019 IBM X-Force Threat Intelligence Index was released on Feb. 26, providing insight into the attack landscape over the course 2018. The report, based on data observed by IBM from monitoring over 70 billion security events a day around the world for customers, found a few things that IBM researchers didn’t expect to find.

“One of the biggest surprises from our perspective was the significant decline in ransomware compared to the past few years,” Michelle Alvarez, threat research manager for IBM X-Force IRIS (Incident Response and Intelligence), told eWEEK. “We anticipated we would see somewhat of a reduction given the extensive communication efforts by the security community and law enforcement around ‘don’t pay the ransom’; however, the 45 percent drop in ransomware attacks in the period of one calendar year is pretty significant.”


In this eWEEK Data Points article, we look at some of the key trends and figures identified in the 37-page 2019 IBM X-Force Threat Intelligence Index.

Data Point No. 1: Goodbye ransomware, hello cryptojacking.

There was a sharp decrease in the volume of ransomware attack attempts across devices monitored by IBM X-Force over the course of 2018. IBM reported that the number of ransomware attempts in the fourth quarter of the year (from October to December) declined to less than half (45 percent) of the attempts in Q1. 

While ransomware attempts declined, unauthorized cryptocurrency mining activity, known as cryptojacking, rose.

“Over the last couple of years we’ve been highlighting the increase in network attacks leveraging cryptomining tools, but the massive increase in cryptojacking attacks—450 percent over the same time frame—has really brought this threat to the forefront,” Alvarez said.

Data Point No. 2: BEC is increasingly lucrative.

While ransomware is on the decline and cryptojacking is growing, IBM found that often the more lucrative form of attack is Business Email Compromise (BEC). In a BEC attack, a fraudster looks to trick a victim into paying a fraudulent invoice for services.

BEC scams accounted for 45 percent of the phishing attacks tracked by IBM X-Force in 2018, and it’s a trend that is continuing.

“In Q1 2019, one of the major threats we’re still seeing from an incident response perspective is Business Email Compromise, which was one of the top phishing scams we observed in 2018,” Alvarez said.

Data Point No. 3: Vulnerability reporting is on the rise.

At the end of 2018, IBM X-Force reported that it was tracking 140,000 known vulnerabilities, and of those, 42,000 were reported in just the past three years. 

Of the known vulnerabilities, IBM estimated that approximately one-third do not have patches. The overall rise in the volume of vulnerability disclosures is seen by IBM as contributing to an increasing attack surface.

Data Point No. 4: U.S. is No. 1 when it comes to malware command and control.

Looking at its own set of globally monitored spam traps, IBM X-Force identified the U.S. as the country with the most malware command and control (C&C) servers. C&C servers direct victimized systems to send spam and deliver malware.

According to IBM X-Force, 36 percent of the total number of global C&C servers are located somewhere in the U.S.

Data Point No. 5: Cyber-attackers are going after the transportation industry.

The most attacked industry in 2018 was the finance and insurance sector, at 19 percent of all incidents tracked by IBM X-Force. While attackers going after financial services is not a surprise, what was surprising was a surge in attacks against the transportation industry.

Transportation was the second most attacked sector in 2018—moving up from 10th place in 2017. Overall, attacks against the transportation sector accounted for 13 percent of all attacks monitored by IBM.

Data Point No. 6: Misconfigurations have grown though impact is muted.

Publicly disclosed misconfiguration incidents increased 20 percent year-over-year in 2018. Yet, even though more incidents were reported, there were 52 percent fewer records compromised in 2018 than in 2017 due to misconfigurations.

Data Point No. 7: Non-malware attacks are a growing concern.

While malware is still actively used by attackers, the majority (57 percent) of breaches IBM X-Force IRIS responded to did not involve the use of malicious files.

Instead of malware, attackers are making use of different non-malicious tools to evade detection, including PowerShell and PsExec.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.