IBM Report: Better Ransomware Detection Hasn’t Stopped Hackers From Locking up Company Data

FEBRUARY 28TH, 2023

IBM Security X-Force just released its Threat Intelligence Index 2023. There’s good news and bad news. First, the good news (if you want to call it that). Ransomware’s share of incidents dropped from 21 percent in 2021 to 17 percent in 2022.

Backdoor deployments, where malware gives hackers remote access to systems, were the most common attacks that IBM’s team handled. This leads to more good news: 67 percent of backdoor cases were failed ransomware attacks as organizations successfully disrupted the backdoor before the ransomware was deployed.

The bad news? “Cyberattacks are more prevalent, creative, and faster than ever,” writes IBM.

As we share the IBM Index 2023’s breakdown of some key stats that will start some IT pros’ hearts pumping faster, we’ll follow with some guidance on how you can mitigate these threats.

Phishing Is King

Phishing, meaning fake emails or other messages that dupe individuals into revealing private information, tops the list of techniques for gaining initial access, occurring in 41 percent of incidents. And 62 percent of phishing attacks used spear phishing attachments, making it hackers’ favorite attack vector, whether deployed alone or combined with links or spear phishing via service.

Even worse, thread hijacking attempts, where one or more individuals reply to an established email thread and insert spam email, have resulted in the spread of malware, including Emotet, Qakbot, and IcedID.

Some more good news: 2022 saw a 52 percent decline in phishing attacks targeting credit card data.

Spoofing Relies on Big Brands

Spoofing, where a cybercriminal pretends to be a trusted entity or device to manipulate your behavior, often uses the top brands in tech to steal credentials. That opens the doors to other accounts. The brands are so familiar that most people don’t suspect an attack when the email arrives. Think Microsoft, Google, Facebook, and so on.

Vulnerability Exploits

While the numbers are decreasing, from 34 percent in 2021 to 26 percent in 2022, vulnerability exploitation was the second most frequent infection vector last year. The Index notes that not every vulnerability exploited by threat actors results in a cyber incident. Incidents resulting from vulnerability exploitation dropped to 19 percent in 2022 after rising to 34 percent in 2020. X-Force attributes this drop to the Log4j vulnerability in 2021, which hit many organizations.

Incident Impacts

While ransomware makes the most headlines, attackers go after organizations for plenty of other reasons. X-Force breaks them down as follows:

• Extortion: 21%
• Data theft: 19%
• Credential harvesting: 11%
• Data leak: 11%
• Brand reputation: 9%

Teach Your Team and Avoid Becoming a Stat

On page 54 of The Threat Intelligence Index, you’ll find a section of recommended actions you should take to secure your organization against malicious threats like those it includes in its report. Most of these recommendations relate to IT practices, strategies, and technologies. We strongly suggest you follow their advice.

But we also want to highlight one thing the report makes clear. People are often the real problem regarding malware. One number says it all: 82 percent of breaches involve the human element, according to the Verizon 2022 Data Breach Investigations Report.

So, while you still need to invest in data resilience technologies, including adequate data protection, backup, and recovery solutions, you must also invest in educating your people. Whether you choose to hire an outside service or do it yourself, you need to train everyone in your organization so they can spot a suspicious email, website, or attachment—and know what to do about it.

You also need to regularly test the effectiveness of your training with a consistent, ongoing program that helps you continually identify individuals who aren’t in compliance, so you can improve your human defense shield.

Fight Ransomware with a Multilayered Strategy

A proactive, multilayered approach prevents, protects, and immunizes backup data from ransomware and other cyberattacks.

Immutable backup storage—on-premises with Arcserve OneXafe appliances or in the cloud with Arcserve Unified Data Protection (UDP) and AWS Object Lock—keeps your data safe from malicious exploits no matter what.

Learn more about Arcserve products by choosing an Arcserve technology partner. And be sure to check out our on-demand demos.

You can download the complete IBM Security X-Force Threat Intelligence Index 2023 here.
