Ransomware Attacks Decline as Cryptojacking Grows, IBM X-Force Reports

eWEEK DATA POINTS: In 2018, IBM X-Force monitored over 70 billion security events every day and from the data has now compiled its latest Threat Intelligence Index, providing insight into the attack landscape.

Threat Intelligence Index

While ransomware is still a risk, it's not the primary attack vector used by hackers to make money, according to IBM.

The 2019 IBM X-Force Threat Intelligence Index was released on Feb. 26, providing insight into the attack landscape over the course 2018. The report, based on data observed by IBM from monitoring over 70 billion security events a day around the world for customers, found a few things that IBM researchers didn't expect to find.

"One of the biggest surprises from our perspective was the significant decline in ransomware compared to the past few years," Michelle Alvarez, threat research manager for IBM X-Force IRIS (Incident Response and Intelligence), told eWEEK. "We anticipated we would see somewhat of a reduction given the extensive communication efforts by the security community and law enforcement around 'don't pay the ransom'; however, the 45 percent drop in ransomware attacks in the period of one calendar year is pretty significant."

In this eWEEK Data Points article, we look at some of the key trends and figures identified in the 37-page 2019 IBM X-Force Threat Intelligence Index.

Data Point No. 1: Goodbye ransomware, hello cryptojacking.

There was a sharp decrease in the volume of ransomware attack attempts across devices monitored by IBM X-Force over the course of 2018. IBM reported that the number of ransomware attempts in the fourth quarter of the year (from October to December) declined to less than half (45 percent) of the attempts in Q1. 

While ransomware attempts declined, unauthorized cryptocurrency mining activity, known as cryptojacking, rose.

"Over the last couple of years we've been highlighting the increase in network attacks leveraging cryptomining tools, but the massive increase in cryptojacking attacks—450 percent over the same time frame—has really brought this threat to the forefront," Alvarez said.

Data Point No. 2: BEC is increasingly lucrative.

While ransomware is on the decline and cryptojacking is growing, IBM found that often the more lucrative form of attack is Business Email Compromise (BEC). In a BEC attack, a fraudster looks to trick a victim into paying a fraudulent invoice for services.

BEC scams accounted for 45 percent of the phishing attacks tracked by IBM X-Force in 2018, and it's a trend that is continuing.

"In Q1 2019, one of the major threats we're still seeing from an incident response perspective is Business Email Compromise, which was one of the top phishing scams we observed in 2018," Alvarez said.

Data Point No. 3: Vulnerability reporting is on the rise.

At the end of 2018, IBM X-Force reported that it was tracking 140,000 known vulnerabilities, and of those, 42,000 were reported in just the past three years. 

Of the known vulnerabilities, IBM estimated that approximately one-third do not have patches. The overall rise in the volume of vulnerability disclosures is seen by IBM as contributing to an increasing attack surface.

Data Point No. 4: U.S. is No. 1 when it comes to malware command and control.

Looking at its own set of globally monitored spam traps, IBM X-Force identified the U.S. as the country with the most malware command and control (C&C) servers. C&C servers direct victimized systems to send spam and deliver malware.

According to IBM X-Force, 36 percent of the total number of global C&C servers are located somewhere in the U.S.

Data Point No. 5: Cyber-attackers are going after the transportation industry.

The most attacked industry in 2018 was the finance and insurance sector, at 19 percent of all incidents tracked by IBM X-Force. While attackers going after financial services is not a surprise, what was surprising was a surge in attacks against the transportation industry.

Transportation was the second most attacked sector in 2018—moving up from 10th place in 2017. Overall, attacks against the transportation sector accounted for 13 percent of all attacks monitored by IBM.

Data Point No. 6: Misconfigurations have grown though impact is muted.

Publicly disclosed misconfiguration incidents increased 20 percent year-over-year in 2018. Yet, even though more incidents were reported, there were 52 percent fewer records compromised in 2018 than in 2017 due to misconfigurations.

Data Point No. 7: Non-malware attacks are a growing concern.

While malware is still actively used by attackers, the majority (57 percent) of breaches IBM X-Force IRIS responded to did not involve the use of malicious files.

Instead of malware, attackers are making use of different non-malicious tools to evade detection, including PowerShell and PsExec.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.