Known bugs and predictable phishing are behind your average security incident, IBM says

There's so much available in cybercrime forums that scammers don't need to be very creative, the X-Force team found after examining billions of incidents.

Lessons from the Equifax hack still haven’t spread far enough, it seems.

In that case, Chinese military personnel allegedly exploited a known security flaw in Equifax’s systems to steal data on roughly 145 million Americans. The vulnerability, an issue in the software framework called Apache Struts, had been solved with a patch some two months before, though the credit processing company had failed to install the proper fix.

Now, an IBM analysis of 70 billion security incidents in 130 countries over the past year has determined that attackers typically used known vulnerabilities or stolen credentials to break into victims’ networks. Armed with purloined usernames and passwords, typically captured via phishing emails with malicious attachments, hackers are able to break into networks much the same way they have for a generation, according to the report released Tuesday.

So many credentials are available in online data repositories, and malware is so widely accessible in cybercrime communities, that reported phishing attacks make up 31% of successful infections, a 25% decline year-over-year.


“Attackers don’t need to invest time to devise sophisticated ways into a business; they can ‘waltz’ into a network and deploy their attacks, simply by using known entities,” Wendi Whitmore, vice president of X-Force, IBM’s threat intelligence team, said in a statement.

IBM identified flaws for which patches are available in Microsoft systems, such as the Windows Server Message Block protocol, as lingering areas of opportunity for attackers. Other malware, such as the Emotet and Trickbot hacking tools, would leverage Microsoft PowerShell vulnerabilities to distribute ransomware, the company said.

IBM also determined that technology and social media companies were most frequently spoofed by hackers trying to carry out phishing attempts. Domains that appeared to be from Amazon and Google, two of the most trusted brands in America, according to a recent Morning Consult poll, made up 51% of all the spoofing attempts detected by IBM last year, with YouTube, Apple, Spotify and Microsoft also in the mix.

Meanwhile, more than 8.5 billion records were exposed last year, a 200% increase over 2018, according to the report. Some 85% of those records were compromised because of misconfigurations in the cloud.


Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.
