UPDATED 00:01 EST / FEBRUARY 22 2023

SECURITY

IBM finds defenders are becoming more successful in detecting and preventing ransomware

International Business Machines Corp.’s annual X-Force Threat Intelligence Index report, released today, finds that ransomware’s share of incidents declined slightly while defenders became more successful at detecting and preventing it.

The report details various aspects of cyberattacks, including how the deployment of backdoors that allow remote access to systems emerged as the top action undertaken by attackers last year. About two-thirds of those backdoor cases were related to ransomware attempts, where defenders could detect the backdoor before the ransomware was deployed.

According to the report, the uptick in backdoor deployments can be partially attributed to their high market value. X-Force observed threat actors selling existing backdoor access for as much as $10,000, compared with stolen credit card data, which can sell for less than $10 today.

“The shift toward detection and response has allowed defenders to disrupt adversaries earlier in the attack chain – tempering ransomware’s progression in the short term,” explained Charles Henderson, head of IBM Security X-Force. “But it’s only a matter of time before today’s backdoor problem becomes tomorrow’s ransomware crisis. Attackers always find new ways to evade detection.”

The IBM Security X-Force Threat Intelligence Index report tracks new and existing trends and attack patterns, pulling from billions of data points from network and endpoint devices, incident response engagements and other sources.

Key findings in the report include that the most common impact from cyberattacks in 2022 was extortion, primarily achieved through ransomware or business email compromise attacks. Europe was the most targeted region for this method, representing 44% of extortion cases observed, as threat actors sought to exploit geopolitical tensions.

Cybercriminals were found to be weaponizing email conversations, with thread hijacking seeing a significant rise in 2022. Attackers were observed using compromised email accounts to reply within ongoing conversations posing as the original participant, with the rate of monthly attempts increasing by 100% compared with 2021 data.

Not surprisingly, legacy exploits remained in use last year, but the numbers are improving somewhat. The report found that the proportion of known exploits relative to vulnerabilities declined 10 percentage points from 2018 to 2022, because the number of vulnerabilities hit another record high in 2022.

The report also details how cybercriminals often target the most vulnerable industries, businesses and regions with extortion schemes, applying psychological pressure to force victims to pay. Manufacturing was the most extorted industry in 2022 and the most attacked industry for the second year running; manufacturers are an attractive target for extortion given their extremely low tolerance for downtime.

As for ransomware, the report notes that making stolen data more accessible to downstream victims has become more prevalent. Operators increased pressure on the breached organization by bringing customers and business partners into the mix.
