IBM has released its 2017 IBM X-Force Threat Intelligence Index: An analysis of a particularly bad year for data breaches, cyberattacks, malware, and ransomware.
2015 may have been the year of ‘the mega data breach’ for the healthcare industry, although IBM gives 2016 that title. 2016 saw record-breaking numbers of records exposed across all industry sectors and some of the largest data breaches ever discovered.
While healthcare was the most targeted industry in 2015, in 2016 it was the financial services sector that claimed that unenviable title.
Across all industry sectors there was a 566% jump in compromised records in 2016, increasing from around 600 million records to more than 4 billion, with the breach at Yahoo accounting for 1.5 million of those. The total number of exposed or stolen records in 2016 was more than the combined totals for 2014 and 2015.
Ransomware infections increased sharply in 2016. In the first quarter of the year, ransomware had raked in an estimated $209 million in payments. DDoS attacks also went big in 2016 as new botnets were developed. While DDoS attacks of 300+ Gbps were a rarity in 2015, in 2016 they became the new norm. One attack on a French hosting company registered a colossal 1 Tbps.
2016 also saw record numbers of vulnerabilities disclosed, many of which were exploited. IBM recorded 10,197 disclosed vulnerabilities in 2016, the highest figure of any year since IBM started tracking vulnerabilities.
While the healthcare industry dropped out of the five most targeted industries, that does not mean it fared particularly well. There were more reported healthcare data breaches in 2016 than in any other year to date. IBM calculated there was an 88% fall in exposed or stolen healthcare records compared to the previous year. The mega healthcare data breaches of the year before did not occur, but there was an increase in smaller data breaches.
The percentage of healthcare data breaches caused by outsiders fell in 2015. Outsiders accounted for 29% of reported data breaches; however, attacks by malicious insiders and inadvertent actors were both up, accounting for 25% and 46% of attacks respectively. Inadvertent actors included systems compromised in phishing attacks, clickjacking, and infections via malicious email attachments.
Of the top five attacked industries, healthcare had the greatest percentage of insider attacks compared to attacks by outsiders. The reason provided by IBM was that the healthcare industry is more susceptible than other industries to phishing attacks.
IBM reports that the majority of attacks on the healthcare industry involved SQL injection (SQLi) and OS command injection (OS CMDi), which combined accounted for almost half of attacks (48%). This was followed by attacks classed by IBM as ‘Manipulate System Resources.’ Image File attacks were also popular with cybercriminals, accounting for 28% of attacks. These attacks involve the sending of malicious image files via spam email. The files contain malicious code that runs when the file is opened. Brute force attacks against authentication mechanisms were the fourth most common attack method, accounting for 6% of attacks.
IBM notes in its report that spam email volume increased in 2016, with a major rise in spam email messages with malicious attachments.
As 2016 started, exploit kits were the method of attack of choice for many cybercriminals. Exploit kits are used to probe for security vulnerabilities that can be exploited to silently download malware and ransomware. As the year progressed, exploit kit activity fell significantly. Cybercriminals turned to spam email as the malware and ransomware distribution method of choice. As exploit kit activity fell, spam email volume increased.
Spam email volume started to rise from around May 2016, reaching the highest level of the past two years by December. The volume of spam emails containing malicious email attachments also continued to increase steadily from the spring, with the highest percentages recorded in December.
Given the extent to which healthcare organizations are being targeted by cybercriminals and bombarded with spam, IBM suggests organizations should ensure they are applying security fundamentals, learning best practices, studying threat intelligence reports, and sharing their attack experiences and findings.