Attempts to hijack email conversations have intensified globally;
Ransomware attacks are no longer executed in months, but in days;
Retail is the most extorted sector in Brazil.
IBM Security released its annual X-Force Threat Intelligence Index report, which points out that, although the number of ransomware incidents in the world fell by only 4 percentage points from 2021 to 2022, in Brazil this drop was a considerable 12 percentage points. Furthermore, despite a higher success rate in detecting and preventing ransomware, attackers continued to innovate. The study shows that the average time to complete a ransomware attack decreased from 2 months to less than 4 days.
According to the 2023 report, the implementation of backdoors — loopholes that allow remote access to systems — emerged as the second action of attackers last year in Brazil. Many of these backdoor cases were related to ransomware attempts, where defenders were able to detect the action before it was possible to implement the attack. The increase in backdoor deployments can be partially attributed to its high market value. X-Force noted that threat actors sell access to existing backdoors on the dark web for up to US$10,000, compared to stolen credit card data, which sells for less than US$10 today.
Data theft (32%), data leaks (22%) and data destruction (22%)
were the most common actions carried out by cybercriminals in Brazil
“It is clear that attackers are being refined to gain efficiency in ransomware incidents, which is a well-known method of extortion here in the country. In addition, the implementation of backdoors has gained relevance, that is, cybercriminals are increasingly looking to spray their attack strategies, including reaching new economic sectors that were less highlighted in the last report. In this context, it is essential that companies envision a proactive threat-based security strategy and a well-tailored incident response plan that also considers the impact of an attack on the final victims,” says Roberto Engler, Security Leader at IBM Brazil .
The IBM Security X-Force Threat Intelligence Index tracks new and existing trends and attack patterns from billions of data points from network devices and endpoints, incident response engagements and other sources. Some of the main findings of the latest report in Brazil are:
- The region becomes more important for cybercriminals. While Latin America accounts for 12% of the attacks observed by the X-Force incident response team, the region is the fourth most attacked in the world. Brazil, Colombia, Mexico, Peru and Chile were the most attacked countries. Brazil, specifically, accounted for 67% of cases handled by X-Force.
- Retail was the most attacked. Incidents in Brazil bucked global industry trends. Retail moved from second place to become the most attacked in 2022, with 31% of cases handled by X-Force. The financial, insurance and energy sectors were the second most targeted, all with 19% of cases.
- Data were the protagonists in the country last year. Data theft (32%), data leaks (22%) and data destruction (22%) were the most common actions carried out by cybercriminals in Brazil, highlighting that without a “presumed breach”, organizations are putting customer data at risk , partners and employees.
- Ascension of new initial access vectors. Last year, phishing and credential harvesting were the most common vectors observed by the X-Force team. This year, external remote services accounted for 33% of incidents in Brazil. The other cases were evenly split between exploitation of public-facing applications, misuse of valid domain accounts, and hardware additions.
- Phishers “give up” credit card data. The number of cybercriminals targeting credit card information in phishing kits has dropped by 52% worldwide, indicating attackers are prioritizing personal information that can be sold for a higher price on the dark web or used for other operations. Spearphishing links were among the most common forms of phishing in Brazil.
Some additional findings from the 2023 report include:
- Cyber criminals use email conversations. Email conversation hijacking increased dramatically in 2022, with attackers using compromised accounts to join ongoing conversations by impersonating the original participant. X-Force noted that the monthly retry rate increased by 100% worldwide. In Latin America, email hijacking accounted for 11% of attacks.Extortion: the preferred method of threat actors. In Latin America, one of the most common impacts of cyberattacks in 2022 was extortion, mainly thanks to ransomware attacks or compromised corporate emails, mirroring the global trend. Cybercriminals target the most vulnerable sectors, companies and regions, using extortion schemes and applying high psychological pressure to force victims to pay ransom.
- The most counterfeited brands include major tech companies. Credentials stolen from these services are valuable for accessing the accounts victims use to manage their online presence. The 2021 list was more diverse, with brands from other sectors. X-Force believes this change is due to the increased ability to identify all brands that a phishing kit is capable of spoofing and not just the one brand that is configured on the kit by default.
The study features data collected by IBM around the world to provide relevant insights into the global attack landscape and inform the security community about the threats most relevant to their organizations.
Download the IBM Security X-Force Threat Intelligence Index 2023 on here.