2017 IBM X-Force: Financial services at centre of cyber attacks

The number of records compromised in 2016 reached an unprecedented level, with an increase of 556% from 2015 and more than 4 billion records leaked, showing that cyber criminals are continuing to thrive. Not only were records leaked at an alarming rate, but in 2016 the financial services sector was the industry most targeted by cyber-attacks. However, criminals attacking financial services were not as successful as those attacking other industries, such as information and communication services companies and governments, and the sector was only the third most breached. This is because financial services have routinely been a top target, so they have been early adopters of robust security technologies and techniques to protect themselves.

According to the 2017 IBM X-Force Threat Intelligence Index, the number of records breached and the volume of data stolen during 2016 totalled more than the previous two years combined. The dubious distinction was earned in a year that saw the largest distributed denial of service (DDoS) attack on record and a redoubled effort on the part of cybercriminals to attack businesses not only for their customer records, but for high-value intellectual property. 

IBM X-Force researchers found that more than 4 billion records were leaked during 2016, with one source alone accounting for more than 1.5 billion exposed records. The total volume affected by security failures for the year went beyond just the structured credit card and healthcare data and included personally identifiable information (PII) and all types of unstructured business information. 

Within our monitored customer environments alone, IBM X-Force recorded more than 54 million security incidents in 2016. That figure represents only a three percent increase from 2015, while the number of attacks on those environments decreased by an average of 12 percent. The average monitored client experienced 93 security incidents in 2016, down 48 percent from 178 in 2015. 

At first glance the decline appears to be good news, but the figures may indicate that hackers are relying on what they have found to be the most effective attack methods when targeting an organisation, yielding better results from their efforts. As that one instance of 1.5 billion compromised records illustrates, a single, successful attack can reap massive rewards for the attacker and be devastating to the victim. 

One of the hallmarks of last year’s data breach activity was that political power and social justice were as likely to be motives for the hackers as the promise of financial gain. In April of 2016, more than 11.5 million documents stolen from the Panamanian law firm Mossack Fonseca were leaked, resulting in criminal investigations in nearly 80 countries.

Later in the year hackers succeeded in penetrating information systems at the Democratic National Committee. Elsewhere in the world, notable breaches of unstructured data affected a Canadian casino operator, Turkish police, European professional footballers, French Freemasons, a Polish internet service provider, voter databases in the Philippines, Indian government servers, the Kenyan ministry of Foreign Affairs and a Qatari bank (a breach that included intelligence reports on “people of interest”). 

It’s worth noting that, while disclosed in 2016, a number of the breaches reported last year were “historical” in nature, having occurred in earlier years. This is a common phenomenon, but one that stands out for this report given the magnitude of the breaches in question, including the Yahoo! hack, which took place in 2013 and 2014. In other cases, such as LinkedIn and LastFM, the impacts of underreported historical breaches were updated in 2016. 

IBM X-Force has been tracking public disclosures of software vulnerabilities since 1997, and 2016 produced 10,197 vulnerabilities, the highest number on record in those twenty years. The largest number, 22 percent, were web application vulnerabilities, most of which were cross-site scripting (XSS) and SQL injection (SQLi) vulnerabilities, which could be leveraged by attackers to target vulnerable systems.

These and many other attacks came in mostly familiar forms, such as brute force attacks aimed at taking over high-profile accounts; Mirai malware, turning hundreds of thousands of connected IoT devices into botnets for executing DDoS attacks; and spam, the volume of which was up more than 400 percent, with 44 percent used as a means of delivering malware payloads, 85 percent of which was ransomware. Other types of attacks included command injection attacks (CIAs) like Shellshock, buffer overflow attacks intended to manipulate system data structures in an attempt to gain unauthorized system access, cross-site scripting (XSS), malvertising, watering hole attacks, phishing, Heartbleed OpenSSL attacks, and attacks of unknown origin making up the vast majority of hacking attempts.

Of course, some organizations and industries are more likely to come under attack than others. These tend to be those that trade in high-value data, whether it is associated with finance, consumer profiles or intellectual property. Accordingly, IBM X-Force analysis identified the five most-targeted industries as: 

  1. Financial Services
  2. Information & Communications Technology
  3. Manufacturing
  4. Retail
  5. Healthcare

The methods employed and reasons associated with each of the targeted industries can often be traced to the kinds of information hackers seek from each. Data from financial services organisations typically means a direct or indirect monetary gain for a successful hack; data from information and communications tech companies may help hackers devise new ways of compromising accounts and systems in use by other organisations; attacks on manufacturers might yield valuable intellectual property; and retailers and healthcare organisations are likely targeted for the patient and customer accounts that can be exploited for fraudulent purposes. 

Persistent and increasingly aggressive cyberattacks on the global business community require vigilance and a focus on security fundamentals as a complement to investments in information security tools and programs. It is also important for us all to share best practices, new findings and relevant insights with each other. The more we learn from each other, the less lucrative cybercrime will become. When the effort is no longer profitable for hackers, fewer will be motivated to continue. 

Martin Borrett, CTO IBM Security Europe at IBM 
