Cyber Criminals Are Changing Their Methods

Uploaded on 2019-03-26 in GOVERNMENT-Law Enforcement, FREE TO VIEW

Increased security measures and awareness are driving cyber-criminals to alter their techniques in search of a better return on investment (ROI).  As a result, two major shifts occurred, including decreased reliance on malware and a decline in ransomware, as criminals increased their use of other cyber-crime techniques with the potential for greater ROI, according to the annual 2019 IBM X-Force Threat Intelligence Index.

IBM X-Force also observed that the number of crypto-jacking attacks, which is the illegal use of an organisation’s or individual’s computing power without their knowledge, in order to mine crypto-currencies, were nearly double those of ransomware attacks in 2018. 

With the price of crypto-currencies like Bitcoin hitting a high of nearly $20,000 going into 2018, lower-risk/lower-effort attacks secretly using a victim’s computing power were on the rise. In fact, IBM spam researchers only tracked one ransomware campaign in 2018 from one of the world’s largest malware spam distribution botnet, Necurs.

The IBM X-Force Threat Intelligence Index also found that cybercriminals were changing their stealth techniques to gain illegal profits. Researchers saw an increase in the abuse of administrative tools, instead of the use of malware. More than half of cyber-attacks (57 percent) leveraged common administration applications like PowerShell and PsExec to evade detection, while targeted phishing attacks accounted for nearly one third (29 percent) of attacks.

“If we look at the drop in the use of malware, the shift away from ransomware, and the rise of targeted campaigns, all these trends tell us that return-on-investment is a real motivating factor for cyber-criminals. We see that efforts to disrupt adversaries and make systems harder to infiltrate are working."

While 11.7 billion records were leaked or stolen over the last three years, leveraging stolen Personally Identifiable Information (PII) for profit requires more knowledge and resources, motivating attackers to explore new illicit profit models to increase their return on investment,” said Wendi Whitmore, Global Lead, IBM X-Force Incident Response and Intelligence Services (IRIS). 

“One of the hottest commodities is computing power tied to the emergence of crypto-currencies. This has led to corporate networks and consumer devices being secretly high-jacked to mine for these digital currencies.”

HelpNetSecurity:

You Might Also Read:

Cybersecurity Vigilance Is Mandatory:

« US Surveillance System Exposed By Snowden Goes Dormant
US Cyber Command Can Cut Russian Troll Access »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ObserveIT

ObserveIT

ObserveIT helps companies identify & eliminate insider threats. Visually monitor & quickly investigate with our easy-deploy user activity monitoring solution.

Israel Aerospace Industries (IAI)

Israel Aerospace Industries (IAI)

IAI offers a holistic approach that provides defense forces, governments, critical infrastructures and large enterprises with end-to-end cyber security & monitoring tools.

Ideagen

Ideagen

Ideagen provides information management, safety, risk and compliance software solutions that allow organisations to achieve operational excellence, regulatory compliance and reduce risk.

Aspisec

Aspisec

Aspisec is a cybersecurity company specialized in Firmware Security and Critical Infrastructure Protection.

Forum of Incident Response & Security Teams (FIRST)

Forum of Incident Response & Security Teams (FIRST)

FIRST is the global Forum of Incident Response and Security Teams.

Trusted Objects

Trusted Objects

Trusted Object's mission is to provide state of the art security solutions and services enabling a strong root of trust for the IoT ecosystem.

IFE Digital Systems

IFE Digital Systems

IFE Digital Systems conducts research, development and consultancy in risk, safety and security related to digital systems in critical infrastructure.

Apozy

Apozy

Apozy replaces a secure web gateway to nullify phishing, malware and impersonation attacks.

Elemental Cyber Security

Elemental Cyber Security

Elemental is a game changing cyber security compliance automation and enforcement technology provider.

Redwall Technologies

Redwall Technologies

Redwall provides cybersecurity expertise and technology to prevent and respond to emerging threats against mobile applications and connected infrastructures.

Cyware

Cyware

Cyware is the only company building Virtual Cyber Fusion Centers enabling end-to-end threat intelligence automation, sharing, and unprecedented threat response for organizations globally.

Wing Security

Wing Security

Wing fosters a stronger security culture by engaging SaaS end-users and enabling easy communication with security teams.

CybersCool Defcon

CybersCool Defcon

CybersCool is committed to educate and train, re-skill and up-skill the current workforce of various industries and businesses in the knowledge and know-how of cybersecurity.

LastPass

LastPass

LastPass provides award-winning password and identity management solutions that are convenient, effortless, and easy to manage.

ATSG

ATSG

ATSG is a global leader in transformational technology solutions for today’s digital enterprise. Cybersecurity ranging from Advisory & Assessment to Fully Managed Detection and Response Services.

Reality Defender

Reality Defender

Reality Defender stops deepfakes before they become a problem. Our proprietary deepfake and generative content fingerprinting technology detects video, audio, and image deepfakes.