The financial services sector remained the top target for cybercriminals in 2017, according to the results of the 2018 IBM X-Force Threat Intelligence Index published on Wednesday from Cambridge, Mass.-based IBM Security.
For the second year in a row, the financial services industry suffered the most cyberattacks against it, accounting for 27% of attacks across all industries.
“While financial services organizations have invested heavily in cybersecurity technologies to protect organizations, cybercriminals focused on leveraging banking Trojans specifically targeting consumers and end users across the industry,” the report says.
According to the report, the Gozi malware and its variants were the most prevalently used malware against the financial services industry in 2017. The malware specifically targets customers as it takes over initial banking login screens with prompts for consumers to enter other personal information that is then shared directly with the attacker.
“The use of Gozi, considered to be run by a skilled cybercrime operation, highlights how organized crime is overtaking all other classes of actors in the financial malware-facilitated fraud scene,” IBM Security says in a news release.
Cybercriminals shifted their focus from illegally accessing private data to carrying out so-called ransomware attacks (which involve locking and threatening to destroy data unless a ransom is paid) in 2017.
According to the report, the total number of records breached in cyberattacks dropped by 25% in 2017, as 2.9 billion records were reported breached in 2017, down from 4 billion in 2016. At the same time, ransomware incidents cost organizations more than US$8 billion in 2017, the report estimates.
“While breached records are a good indication of cybercriminal activity, it doesn’t tell the full story of 2017,” says Wendi Whitmore, global lead, IBM X-Force Incident Response and Intelligence Services (IRIS), in a statement. “Last year, there was a clear focus by criminals to lock or delete data, not just steal it, through ransomware attacks. These attacks are not quantified by records breached, but have proven to be just as, if not more, costly to organizations than a traditional data breach.”
“The ability to anticipate these attacks and be prepared will be critical as cybercriminals will continue to evolve their tactics to what proves most lucrative,” Whitmore adds.
In 2017, cybercriminals continued to take advantage of human error and mistakes in infrastructure configurations to launch attacks, the report says. There was a huge jump (424%) in the number of breaches related to misconfigured cloud servers, and that this was largely due to human error.
These sorts of errors accounted for almost 70% of compromised records it tracked in 2017. Phishing attacks represented one-third of “inadvertent activity” that led to a security event in 2017, the report says.