IBM X-Force Threat Index finds Google, Apple, Amazon are most often spoofed

Attacks on industrial control systems are up and code for banking trojans and ransomware is evolving the fastest.

The X-Force Threat Intelligence Index 2020 found that hackers are targeting manufacturing plants, making banking trojans more sophisticated, and spoofing tech brands to make phishing schemes successful.

IBM Security releases the IBM X-Force Threat Intelligence Index annually, summarizing the most prominent threats identified by research teams.
 
Researchers highlighted what went wrong in 2019 with cybersecurity operations and looked ahead to predict what will change in 2020.

Spike in industrial control systems and Operational Technology attacks 

Attacks on these assets went up more than 2000% since 2018. In fact, there were more attacks on OT targets in 2019 than the volume from the past three years. Most attacks used a combination of known vulnerabilities within SCADA and ICS hardware components, as well as password-spraying attacks using brute force login tactics.

The convergence of IT and OT infrastructure means that breaches can extend to devices that control physical assets. In early 2019, IBM X-Force IRIS responded to a breach at a global manufacturing company where a ransomware infection started on an IT system and then moved into the OT infrastructure. Plant operations stopped and caused a ripple effect in global markets.

Top 10 most spoofed brands are tech companies

Phishing was one of the most popular methods of attack in 2019, and hackers were most likely to spoof tech companies and social media platforms. As the report states, "an authentic-looking website can help convince a user to divulge personal data on a malicious website if it resembles the original closely enough."

According to IBM X-Force, the top 10 brands spoofed in spam in 2019 were:
Google       39%
YouTube      17%
Apple        15%
Amazon       12%
Spotify      5%
Microsoft    3%
Facebook     2%
Instagram    15%
WhatsApp     1%

Although log-in credentials for a site like Spotify don't have much financial value, hackers are exploiting the habit people have of using the same password for many sites. This could allow one set of credentials to open up access to another account.

Malware genetic code innovation

For this section of the report, the IBM researchers worked with Intezer, a company that does genetic analysis on malware's binary code. The idea was to determine how malware code was mutating over time rather than relying on existing code. These changes show how much time and effort bad actors are spending to expand their capabilities and avoid detection. This is the cost of doing business for hackers: if the malware doesn't evolve, it will see faster detection and potential "extinction."

Researchers saw the most new code in banking trojans and ransomware. Cryptominers showed a drop in innovation in 2019 but maintained a high level of activity. 

New and old security threats to track in 2020

In addition to highlighting the trends of 2019, the X-Force team looked ahead to the most likely threats in the new year. Researchers predict that the risk surface will keep getting bigger with more than 150,000 current vulnerabilities and new ones surfacing all the time. Bad actors will be looking for new targets, including IoT devices, operational technology, and connected industrial and medical systems. Here are a few more risks to monitor:

  • Ransomware and cryptominers will continue to evolve

  • Ongoing spam will require diligent blacklisting, vulnerability patching, and threat monitoring

  • Organizations can use their geographic location to help identify the most likely attackers and attack motivations

According to the report, bad actors will continue to use ransomware, cryptominers, and botnets, requiring organizations to defend against varied malware threats over time.

Strengthening cyber defenses

The report authors recommend multifactor authentication (MFA) as one of the most efficient security tactics. MFA can stop credential theft, which was one of the most common attack methods in 2019.

The IBM X-Force team suggests that organizations take these steps as well to defend against cyber attacks:

  • Install a solution to detect and block spoofed domains to prevent phishing

  • Have backups, test backups, and store backups offline

  • Stress test the incident response plans with tabletop exercises or cyber range experiences

  • Leverage threat intelligence to better understand threat actor motivations and tactics to prioritize security resources

North American companies took the brunt of cyberattacks in 2019, accounting for 44% of all incidents. X-Force incident response reports showed the most activity in business email compromise, ransomware, and nation-state targeting of the financial sector. The report lists the Democratic National Convention, the Republican National Convention, and the presidential election as 2020 events with historic cybersecurity significance.

Asia got the second-highest risk rating with 22% of 2019 incidents, and Europe came in at 21% of incidents.

Report methodology

Data and insights presented in this report are based on IBM Security managed security services, incident response services, penetration testing engagements, and vulnerability management services.

IBM X-Force research teams analyze data from hundreds of millions of protected endpoints and servers and data from spam sensors and honeynets. IBM Security Research also runs spam traps around the world and monitors tens of millions of spam and phishing attacks daily.