Automation takes center stage in enterprise cyberattacks

Massive repositories of stolen data are being weaponized in an attempt to compromise corporate networks.

The use of automation to weaponize stolen information dumps is an emerging trend in cyberattacks taking place against enterprise targets, new research suggests.

On Tuesday, IBM released the annual X-Force Threat Intelligence Index, a report based on information gathered from 70 billion security events across 130 countries to spot patterns and themes in cybersecurity. 

This year's report says that roughly 60 percent of unauthorized entries into networks leverage either stolen data or known vulnerabilities that are yet to be patched. 

The availability of data repositories and of exploits for pre-existing security flaws has led to a decline in phishing attacks, which accounted for only 31 percent of successful infection vectors in 2019 -- a drop of 25 percent year-on-year.

IBM says that last year, over 8.5 billion records were compromised, a 200 percent increase in exposed data from 2018. Over 85 percent of these records were leaked due to misconfigurations in the cloud. 

In turn, this is giving threat actors more ammunition for automatic credential-stuffing attacks.

A recent EMA study suggested that 39 percent of enterprise employees reuse the same credentials across multiple accounts and close to a third are not resetting them on a regular basis, leading to a situation which "favors cybercriminals' ability to scale attacks," IBM says. 

"The amount of exposed records that we're seeing today means that cybercriminals are getting their hands on more keys to our homes and businesses," said Wendi Whitmore, Vice President of IBM X-Force Threat Intelligence. "Attackers won't need to invest time to devise sophisticated ways into a business; they can deploy their attacks simply by using known entities, such as logging in with stolen credentials."  

While stolen credentials are now an entry point into corporate networks 29 percent of the time, in a third of cases, cyberattackers will exploit vulnerabilities. Of particular note are old bugs that have existed for years, including those relating to Microsoft Office and the Windows Server Message Block, which remain unpatched and are still successfully being used as attack vectors. 

Of note are Industrial Control Systems (ICS), the report says, which are estimated to be experiencing a 2000 percent increase in attacks year-over-year. 

According to IBM, the majority of cyberattacks against manufacturers involved known vulnerabilities in SCADA and ICS hardware, as well as credential stuffing tactics. The increase has been linked to the activities of two specific groups, Xenotime and APT33.

"The risk surface will continue to grow in 2020, with more than 150,000 current vulnerabilities and new ones reported regularly," the report notes. "With over four times as many records breached in 2019 as in 2018, the year 2020 could see another big number of lost records due to breaches and attacks."
