^

2016

A Growing Threat Landscape

Over the last three years, more than 11.7 billion records and over 11 Terabytes of data were leaked or stolen in publicly disclosed incidents. These compromised records and caches of data contained personally identifiable information (PII), such as social security numbers, addresses, phone numbers, banking/payment card information, or passport data.

Size of circles estimates relative impact of incidents in terms of cost to business, based on publicly disclosed information regarding leaked records and financial losses.

Total Records Lost:

6,224,889,828

Average Records Lost Per Month:

518,740,819

2017

A Growing Threat Landscape

Over the last three years, more than 11.7 billion records and over 11 Terabytes of data were leaked or stolen in publicly disclosed incidents. These compromised records and caches of data contained personally identifiable information (PII), such as social security numbers, addresses, phone numbers, banking/payment card information, or passport data.

Size of circles estimates relative impact of incidents in terms of cost to business, based on publicly disclosed information regarding leaked records and financial losses.

Total Records Lost:

2,910,997,137

Average Records Lost Per Month:

242,583,095

2018

A Growing Threat Landscape

Over the last three years, more than 11.7 billion records and over 11 Terabytes of data were leaked or stolen in publicly disclosed incidents. These compromised records and caches of data contained personally identifiable information (PII), such as social security numbers, addresses, phone numbers, banking/payment card information, or passport data.

Size of circles estimates relative impact of incidents in terms of cost to business, based on publicly disclosed information regarding leaked records and financial losses.

Total Records Lost:

2,727,359,895

Average Records Lost Per Month:

227,279,991
Impact of Security Incidents
jan
feb
mar
apr
may
jun
jul
aug
sep
oct
nov
dec
X-Force
Threat
Intelligence
Index
2019
The
Threat
Landscape
2016
2017
2018

Exploring the 2018 Threat Landscape

IBM Security analyzes millions of data points, deriving data and insights from IBM X-Force monitored security clients, incident response services, and penetration testing engagements.  

IBM Security releases the IBM X-Force Threat Intelligence Index annually outlining the most prominent threats analyzed by our various research teams over the last year. The purpose is to arm both defensive and red teams with information that can help better secure their organizations.  

Explore an overview of the key findings below.  

Shift to cryptojacking

In 2018, cybercriminals shifted away from ransomware and focused on snatching up profits through cryptojacking and other malicious cryptomining attacks. Over the course of 2018, these attacks increased 450%.

450%

Financial Services Targeted the Most in 2018

Financial Services
Transportation
Professional Services
Retail
19%

Financial Services

According to X-Force data analysis, the finance and insurance sector has been the most-attacked industry for three years in a row, with 19 percent of total attacks and incidents in 2018.

13%

Transportation

The second most targeted sector, transportation services, includes airlines, bus & rail, and water transportation services, experienced 13 percent of total attacks and incidents.

12%

Professional Services

The professional services sector—made up of companies that provide specialized consulting services, such as legal, accounting, and architecture firms—have come under increased risk for cyber attacks over the past several years.

11%

Retail

As the fourth-most targeted industry, retail has seen attackers take advantage of the proliferation of mobile apps used for retail shopping and mobile devices used in retail stores.

The Human Error Factor

Human error such as misconfigured cloud servers, unsecured cloud databases, and improperly secured rsync backups were responsible for 43% of publicly disclosed misconfiguration incidents, resulting in a more than 20% increase since last year.

43%
2018
17%
2017

Most Prevalent Financial Malware

Financially motivated threat actors continued to use a wide range of financial malware in 2018.

24%
22%
20%
18%
16%
14%
12%
10%
8%
6%
4%
2%
0
Trickbot
Gozi
Ramnit
IcedID
Zeus Panda
Dridex
Zeus Sphinex
Gootkit
Qakbot
TinyNuke
2018
2017

Leveraging Known Vulnerabilities

A significant rise in vulnerability disclosures is contributing to an ever-expanding attack surface.

140,000
recorded vulnerabilities
1/3
the amount of
vulnerabilities without patches
1,440
average number of
vulnerabilities per
organization

Download the IBM
X-Force Threat Intelligence Index

Explore the data featured in the report to gain insights into more of the latest trends impacting today's cyber security landscape.

Download the ReportDownload the Infographic