Cyber Criminals Are Changing Their Methods

Uploaded on 2019-03-26 in GOVERNMENT-Law Enforcement, FREE TO VIEW

Increased security measures and awareness are driving cyber-criminals to alter their techniques in search of a better return on investment (ROI).  As a result, two major shifts occurred, including decreased reliance on malware and a decline in ransomware, as criminals increased their use of other cyber-crime techniques with the potential for greater ROI, according to the annual 2019 IBM X-Force Threat Intelligence Index.

IBM X-Force also observed that the number of crypto-jacking attacks, which is the illegal use of an organisation’s or individual’s computing power without their knowledge, in order to mine crypto-currencies, were nearly double those of ransomware attacks in 2018. 

With the price of crypto-currencies like Bitcoin hitting a high of nearly $20,000 going into 2018, lower-risk/lower-effort attacks secretly using a victim’s computing power were on the rise. In fact, IBM spam researchers only tracked one ransomware campaign in 2018 from one of the world’s largest malware spam distribution botnet, Necurs.

The IBM X-Force Threat Intelligence Index also found that cybercriminals were changing their stealth techniques to gain illegal profits. Researchers saw an increase in the abuse of administrative tools, instead of the use of malware. More than half of cyber-attacks (57 percent) leveraged common administration applications like PowerShell and PsExec to evade detection, while targeted phishing attacks accounted for nearly one third (29 percent) of attacks.

“If we look at the drop in the use of malware, the shift away from ransomware, and the rise of targeted campaigns, all these trends tell us that return-on-investment is a real motivating factor for cyber-criminals. We see that efforts to disrupt adversaries and make systems harder to infiltrate are working."

While 11.7 billion records were leaked or stolen over the last three years, leveraging stolen Personally Identifiable Information (PII) for profit requires more knowledge and resources, motivating attackers to explore new illicit profit models to increase their return on investment,” said Wendi Whitmore, Global Lead, IBM X-Force Incident Response and Intelligence Services (IRIS). 

“One of the hottest commodities is computing power tied to the emergence of crypto-currencies. This has led to corporate networks and consumer devices being secretly high-jacked to mine for these digital currencies.”

HelpNetSecurity:

You Might Also Read:

Cybersecurity Vigilance Is Mandatory:

« US Surveillance System Exposed By Snowden Goes Dormant
US Cyber Command Can Cut Russian Troll Access »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ARC Advisory Group

ARC Advisory Group

ARC is a leading technology research and advisory firm with expertise in both information technologies (IT) and operational technologies (OT)

The Media Trust

The Media Trust

The Media Trust continuously scans websites, ad tags and mobile apps and alerts on anomalies affecting websites and visitors.

Bounga Informatics

Bounga Informatics

Bounga Informatics provides Digital Forensics, E-Discovery, and Endpoint Security software, hardware, and training in Singapore and other countries in Asia Pacific.

Lumen Technologies

Lumen Technologies

Lumen is an enterprise technology platform that enables companies to capitalize on emerging applications and power the 4th Industrial Revolution (4IR).

KIOS Center of Excellence (KIOS CoE)

KIOS Center of Excellence (KIOS CoE)

KIOS carries out top level research in the area of Information and Communication Technologies (ICT) with emphasis on the Monitoring, Control and Security of Critical Infrastructures.

Sphonic

Sphonic

Sphonic provides regulated institutions of any size a powerful compliance & risk platform to quickly and securely onboard new customers and manage ongoing AML and Fraud & Risk trends.

Cyber Pathways

Cyber Pathways

Cyber Pathways brings together the next generation of Cyber professionals along with delegates who are looking to cross train and enter the cyber market.

ThriveDX

ThriveDX

ThriveDX, the world’s premier EdTech provider (formerly HackerU), champions digital transformation training as a means of empowering individuals to thrive in the age of digital disruption.

Humming Heads

Humming Heads

Humming Heads offers a complete solution to fight the advanced threats that target a company's endpoints and servers.

BlackScore

BlackScore

BlackScore is a technology company seeking to disrupt risk assessment using AI-driven technology.

Winbond Electronics

Winbond Electronics

Winbond is a Specialty memory IC company. Product lines include Code Storage Flash Memory, TrustME® Secure Flash, Specialty DRAM and Mobile DRAM.

Sentrium Security

Sentrium Security

Sentrium is committed to helping organisations protect their technology, information and people. Our range of bespoke services provide solutions to tackle a broad range of cyber security challenges.

ATHENE National Research Center For Applied Cybersecurity

ATHENE National Research Center For Applied Cybersecurity

ATHENE is the largest research center for cybersecurity and privacy in Europe, conducting application-oriented top-level research for the benefit of the economy, society and the state.

Globesecure Technologies

Globesecure Technologies

Globesecure Technologies is a networks and cyber security company. We are here to resolve business security challenges and secure the digital transformation journey of our clients.

c0c0n

c0c0n

c0c0n is the longest running conferences in the area of Information Security and Hacking, in India.

Acclaim Technical Services (ATS)

Acclaim Technical Services (ATS)

ATS provide operational products, services and solutions to the defense and intelligence communities for all types of critical mission needs.