The IBM report is based on information collected from 70 billion security events in 130 countries and territories around the world, with the main goal of modeling topics and cyber security trends. globally throughout the year.
A lot of important information is highlighted in this year's X-Force Threat Intelligence Index:
- First of all, up to 60% of illegal system hacks are deployed based on known but unpatched vulnerabilities. Show that the consequences of delays in security patches can cause organizations to taste 'bitter fruits'.
- In 2019, there were more than 8.5 billion data breaches recorded, an increase of 200% compared to 2018. More than 85% of these stemmed from misconfigured vulnerabilities in the cloud system.
- On average, 39% of employees in a business have the habit of using the same login information for many different accounts, and nearly a third of these do not have a regular password change route. Such duplicate accounts are an easier target for hackers.
Attackers will not need to invest time to find sophisticated ways to gain access to the corporate network, they can deploy very basic attacks using data. know, such as stolen credentials from previous attacks.
- The IBM report also specifically notes the existence of old vulnerabilities discovered many years ago on Microsoft platforms, including Microsoft Office and Windows Server, which have not been patched and are still being used as Common attack vectors.
- Another notable concern stems from industrial control systems (Industrial Control Systems (ICS). The number of attacks targeting vulnerabilities in ICS systems has increased to 2000% in 2019, and is expected to increase sharply in the coming years.
- According to IBM, most of the cyber attacks targeting businesses are related to known vulnerabilities in SCADA and ICS hardware, as well as authentication strategies. This increase is closely linked to the activities of two major hacker groups: Xenotime and APT33.
- Nearly 60% of the 10 most fraudulent brands in the world are identified as Google and YouTube domain names, in addition to Apple (15%) and Amazon (12%) are often subject to hacker fraud. try to steal user data.
The only bright spot in this year's X-Force Threat Intelligence Index is that the number of successful phishing attacks has dropped, accounting for 31%, down nearly 25% compared to 2018.
If your English is good, you can view the full report at this link: