From 2015 to 2016, the financial services sector went from suffering the third-most cyber attacks to being the industry that was attacked the most, according to the IBM X-Force Threat Intelligence Index.
An increased desire for personal identifiable information as one of the motivators behind the uptick since attackers can request a hefty price for the information, the report said..
IBM, the computer tech and information technology-consulting giant, has been tracking data breaches in industries such as finance, health care and retail. Using its findings from 235 publicly released data breaches in 2017, IBM identified six data breach trends that should be watched in 2018.
Some trends are nothing new, like phishing attacks, while others are new developments in rising industries, like cryptocurrency-targeted attacks.
Here are the top issues companies need to keep an eye on when it comes to cyber security, as described by IBM security specialists Jason Kravitz and Michelle Alvarez:.
Thingbots
A "thingbot" is a network of infected internet of things (IoT) devices, according to Paul Sabanal, a security researcher at IBM. This is significant because an increasing number of consumer items are being connected to the internet besides smart phones--things like TVs, printers and kitchen appliances. Once an attacker has control of one of these things, they can initiate attacks or steal information.
IBM research cited an incident last September where an IoT security platform named Armis Labs reported vulnerability in Bluetooth technology that could be silently exploited by an attacker within proximity.
The report stated that all devices in our environment have the potential to be compromised.
Failure To Patch
When organizations fail to update their software and implement the latest security features, it can lead to worldwide chaos, according to the report. Early last year, a malware outbreak affected 150 countries. According to IBM, it started with a common computer worm that spread because of a vulnerability in Windows software. Microsoft patched the issue a couple of months earlier, yet the outbreak still occurred. Kravitz and Alvarez suggested being timely with patches and being diligent with serious vulnerabilities.
Misconfigured Cloud Services
IBM tracked over a billion exposed records from only 24 incidents of misconfigured servers. What’s worse is that IBM reported that the server misconfigurations led to about 70 percent of publicly disclosed leaks in 2017.
The experts suggested professional penetration testing to discover any weaknesses in cloud servers.
Cyber Extortion
Blackmail has evolved on the internet to ransomware schemes, where attackers steal important client or product information and hold the information hostage for a ransom. Attackers can find information through third-party businesses, software vulnerabilities, a threat from inside the company and other methods.
Kravitz and Alvarez suggested preparing for the worse by having a game plan and a response team in place.
Compromised Business E-Mail
This is when attackers impersonate someone with a high rank at a company by creating a fake e-mail address with his or her name attached. The attacker than tries to copy the person's writing style in hopes of getting employees to send confidential information.
Cryptocurrency Theft
In the words of the famous rapper The Notorious B.I.G., “more money, more problems.” Kravitz and Alvarez said that as more value is placed on bitcoin and other cryptocurrencies, more attackers will see digital currency as a target. The report gave examples of the robbery of the Slovenian Bitcoin exchange for $77 million last year. In another incident, attackers changed the bank account number during an initial coin offering so funds could be transferred to the attackers’ account, stealing more than $7 million in ethereum cryptocurrency.
Kravitz and Alvarez suggested performing two-factor authentication for cryptocurrency exchanges and websites, and double or even triple checking recipient addresses.
To read more of the report, click here.
