IBM researchers detected a shift in the strategies used by cyberthieves.

Largely owing to the breach of Yahoo, 2016 proved to be the year when the term mega-breach reached a pinnacle, according to the just-released "IBM X-Force Threat Intelligence Index 2017."

In fact, the number of records compromised last year spiked 566 percent – from 600 million to more than four billion (with Yahoo comprising 1.5 billion of that total), found the 30-page report, which examined data breaches, attack vectors, targeted industries and perpetrators in 2016. But beyond the enormity of the records stolen, the IBM researchers also detected a shift in the strategies used by cyberthieves.

That is, the prize for bad actors has traditionally been structured data, such as credit cards, passwords and personal health information. But, as the competition for such booty heated up and the supply began to exceed the demand, the study noted a shift by cybercriminals to go after what it termed unstructured data – email archives, business documents, intellectual property and source code. This shift, the researchers said, resulted in the exposure of the "complete digital footprints" of a number of companies.

A positive development in 2016, however, was the implementation by a number of enterprises of more secure hashing functions, such as bcrypt, to store passwords. This resulted, the researchers noted, in considerably less success in cracking passwords, thereby devaluing the stolen data. Still, they said, because many users remain inclined to use simple passwords, web services would be well advised to insist that their users choose less common passwords.

At the top of the list of attack vectors, the increased incidence of ransomware moved this scourge from a nuisance to an epidemic. The problem was that more businesses were willing to pay the attackers, resulting in the attackers doubling down on their efforts.

And why not, as all it takes is a spam message with a malicious attachment. The IBM study observed a 400 percent increase in spam year over year with nearly half of spam loaded with malicious attachments. And, of those malicious attachments in 2016, ransomware comprised 85 percent.

Another shift observed was a migration of efforts back to attacks on the financial sector. But, there was some good news here. The X-Force report found that while the financial sector was the biggest target for cyberattacks in 2016, it was only third in compromised records. "The lower success rate versus the high volume of attacks in financial services indicates that continued investment in sustained security practices likely helped protect financial institutions," the report said.

Plus, there was further good news for defensive strategies. While clients monitored by IBM were hit by 54 million security events in 2016, the number of incidents overall dropped 48 percent in 2016. This was owing to a fine-tuning of existing security implementations, the report stated, as well as to an increase in innovations such as cognitive systems.

However, the question remains: Does this reduction in attacks and incidents reflect a safer security environment in 2016? Perhaps, the researchers said. "That would be wonderful news to report. However, the reduction in attacks could mean attackers are relying more and more on proven attacks, thus requiring fewer attempts."

Additionally, the combination of massive record leaks and a record year of vulnerability disclosures also paints a different picture. "Regardless of the total number of attempted attacks or incidents, it takes only one successful compromise for an organization to end up as front page news and facing millions of dollars in data breach costs," the study found.

"With more than four billion records leaked in 2016, last year was unquestionably a defining year for security," Caleb Barlow, vice president of threat intelligence at IBM Security, told SC Media on Wednesday. IBM's new study, he said, reveals how the term 'mega breach' was redefined – not only by the scale of attacks, but also by the discernible impact each breach had on real-world events.

"Cyberthreats in 2016 bled into nearly every facet of society, from individuals and businesses to the public sector and governments around the world," Barlow told SC. "We must continue to practice security fundamentals and collaborate to lessen the damage of these attacks. The faster victims can react to cybercrime findings and share their experiences across the security community, the less time each threat will have to succeed and extend into critical areas of business and society."