Cyber Criminals Are Changing Their Methods

Increased security measures and awareness are driving cyber-criminals to alter their techniques in search of a better return on investment (ROI).  As a result, two major shifts occurred, including decreased reliance on malware and a decline in ransomware, as criminals increased their use of other cyber-crime techniques with the potential for greater ROI, according to the annual 2019 IBM X-Force Threat Intelligence Index.

IBM X-Force also observed that the number of crypto-jacking attacks, which is the illegal use of an organisation’s or individual’s computing power without their knowledge, in order to mine crypto-currencies, were nearly double those of ransomware attacks in 2018. 

With the price of crypto-currencies like Bitcoin hitting a high of nearly $20,000 going into 2018, lower-risk/lower-effort attacks secretly using a victim’s computing power were on the rise. In fact, IBM spam researchers only tracked one ransomware campaign in 2018 from one of the world’s largest malware spam distribution botnet, Necurs.

The IBM X-Force Threat Intelligence Index also found that cybercriminals were changing their stealth techniques to gain illegal profits. Researchers saw an increase in the abuse of administrative tools, instead of the use of malware. More than half of cyber-attacks (57 percent) leveraged common administration applications like PowerShell and PsExec to evade detection, while targeted phishing attacks accounted for nearly one third (29 percent) of attacks.

“If we look at the drop in the use of malware, the shift away from ransomware, and the rise of targeted campaigns, all these trends tell us that return-on-investment is a real motivating factor for cyber-criminals. We see that efforts to disrupt adversaries and make systems harder to infiltrate are working."

While 11.7 billion records were leaked or stolen over the last three years, leveraging stolen Personally Identifiable Information (PII) for profit requires more knowledge and resources, motivating attackers to explore new illicit profit models to increase their return on investment,” said Wendi Whitmore, Global Lead, IBM X-Force Incident Response and Intelligence Services (IRIS). 

“One of the hottest commodities is computing power tied to the emergence of crypto-currencies. This has led to corporate networks and consumer devices being secretly high-jacked to mine for these digital currencies.”

HelpNetSecurity:

You Might Also Read:

Cybersecurity Vigilance Is Mandatory:

« US Surveillance System Exposed By Snowden Goes Dormant
US Cyber Command Can Cut Russian Troll Access »

Directory of Suppliers

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 5,000+ specialist service providers.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

eBook: Practical Guide to Security in the AWS Cloud

eBook: Practical Guide to Security in the AWS Cloud

AWS Marketplace would like to present you with a digital copy of the new book, Practical Guide to Security in the AWS Cloud, by the SANS Institute.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

LockPath

LockPath

LockPath is a market leader in Governance, Risk Management & Compliance (GRC) and Information Security.

Automation Federation

Automation Federation

Automation Federation sets the standard for the management, safety and cybersecurity of modern industrial automation and control systems.

Credence Security

Credence Security

Credence Security, previously ARM, the regions speciality distribution company, specializes in IT security, Forensics and Incident Response.

Evolve Secure Solutions

Evolve Secure Solutions

Evolve Secure Solutions is a security focused managed services provider serving private and public customers across the UK.

Seltek Technology Solutions

Seltek Technology Solutions

Seltek provides Digital Forensics, eDiscovery, Cybersecurity Assessments and IT Support services.

Alyne

Alyne

Alyne is a Munich based 2B RegTech offering organisations risk insight capabilities through a Software as a Service.

Elysium Analytics

Elysium Analytics

Elysium Cognitive Security Analytics delivers the latest and most flexible security system to reduce cost and complexity while providing unmatched scalability.

Loki Labs

Loki Labs

Loki Labs provides expert cyber security solutions and services, including vulnerability assessments & penetration testing, emergency incident response, and managed security.