X-Force Threat Intelligence Index Reveals Top Cybersecurity Risks of 2020 (2023)

The volume of threats that security teams see on a daily basis can make it especially difficult to look at the big picture when it comes to developing an effective cybersecurity strategy. To see through the flood of data and alerts, organizations depend on actionable threat intelligence to help them understand and mitigate risks. Looking at long-term trends can also help organizations make effective decisions for allocating resources to prevent costly breaches, ransomware and destructive attacks.

IBM’s annual X-Force Threat Intelligence Index presents an overview of the threat landscape and cybersecurity risk trends of the past year, based on IBM X-Force analysis of data from hundreds of millions of IBM Security-protected endpoints and servers, spam sensors, IBM Security managed services, red team, and incident response engagements.

IBM X-Force research teams came together to look at the trends that shaped the information security landscape in 2019, following the data to highlight the most prominent trends that can help organizations better assess risk factors, understand relevant threats and bolster their security strategy in 2020 and beyond.

Among the findings in this year’s X-Force Threat Intelligence Index, a few stand out: the most common attack vectors, the evolution of ransomware and malware, and the risks posed by accidental breaches caused by factors such as misconfigurations, inadvertent insiders, and old, continually exploited software vulnerabilities. New data from 2019 also showed a trend toward attacks on operational technology (OT), posing threats to industries such as energy and manufacturing. Finally, this year’s report provides geographic insights to show how threats vary by country or region.

Download the report

Attackers Are on the Path of Least Resistance

With access to billions of compromised records over the past decade, rampant credential reuse and an ever-growing number of unpatched vulnerabilities to prey on, attackers took the path of least resistance through a number of ways to gain access and compromise organizations’ security.

According to data in this year’s report, initial infection vectors used by attackers were fairly evenly divided between phishing attacks, unauthorized use of credentials and exploitation of vulnerabilities. Out of the top attack vectors in 2019, 31 percent of attacks relied on phishing (down from about half of attacks in 2018). The share of attacks using stolen credentials in 2019 was close behind at 29 percent. Meanwhile, attacks on known vulnerabilities increased significantly as a share of the top attack vectors, up to 30 percent in 2019 versus 8 percent in 2018.

Ransomware — The Bane of the Decade

Ransomware attacks have been an increasing issue in the past five years, and in 2019, this threat evolved into an all-out digital hostage crisis. When companies are not paying millions for a decryption key, they may see their data destroyed or published on the internet, or they may even become the victims of a destructive attack as retaliation for not paying criminals.

Our data shows a considerable rise in ransomware incidents in 2019, almost doubling between the second half of 2018 (10 percent) and the first half of 2019 (19 percent). Ransomware affected companies in a large variety of industries, in both the public and private sectors and 12 countries across the globe. Top targets for these attacks were retailers, manufacturing and transportation, sectors where downtime is detrimental to operations, which adds to the pressure to pay. Another potential reason could include the ease of exploitation of legacy systems and lax security programs in some sectors.

Healthcare organizations also faced the wrath of ransomware in 2019, and with attacks on the industry affecting a large number of facilities, the threat to human lives compelled organizations to pay to regain operational capabilities.

Organized Cybercrime Driving Rise in Attacks

One of the biggest drivers of ransomware becoming a prolific threat to organizations in 2019 was the move of organized cybercrime gangs from the banking Trojan realms into the enterprise attack arena. Banking Trojan operators are already known to be professional, sophisticated attackers who operate as a business. These capabilities, combined with access to already-compromised networks and an ability to spread to pivotal assets, have given ransomware like Ryuk, DoppelPaymer, LockerGoga, Sodinokibi and MegaCortex the ability to extort victimized organizations for millions of dollars. Those who did not pay up often faced arduous recovery processes that were no less costly or faster.

Law enforcement continues to discourage companies from paying ransoms as a way to reduce the profitability of high-stakes attacks and deter attackers in the long run.

Of note in 2019 was code innovation in the malware arena. Attackers in this sphere constantly evolve their code to bypass security controls. According to data from Intezer, banking Trojans and ransomware showed the most innovation in their genetic code, with an increase in new (previously unobserved) code from 2018 to 2019. Some 45 percent of banking Trojan code was new in 2019, compared to 33 percent in 2018, while 36 percent of ransomware code was new in 2019, compared to 23 percent in 2018.

Misconfigurations and Insider Threats Expose Billions of Records

With over 8.5 billion records leaked or compromised in 2019, it was a big year for lost data. But could these numbers have been lower? Our analysis finds that of the more than 8.5 billion records breached in 2019, 86 percent were compromised via misconfigured assets, including cloud servers and a variety of other systems. The same issues affected only half of the records breached in 2018. As organizations move to the cloud, security must remain a high priority, especially when it comes to proper configuration, access rights and privileged account management (PAM).

More records exposed equals more credentials up for grabs that can be used as an initial entry point into businesses. It is high time for organizations to pay closer attention to these potential security gaps and favor automation to limit human error and misconfiguration.

Other Highlights From the Report

OT attacks hit an all-time high. Malicious activity targeting operational technology assets, most notably industrial control systems (ICS), increased 2000 percent year-over-year in 2019, marking the largest number of attempted attacks on ICS and OT infrastructure in three years.

Tech and social media giants were the top spoofed brands in 2019, with attackers using various cybersquatting tactics to gain the trust of potential victims.

Nearly 60 percent of the top 10 spoofed brands identified were Google and YouTube domains, with Apple (15 percent) and Amazon (12 percent) coming in next. Facebook, Instagram, Netflix and Spotify were also among the top 10 spoofed brands.

With nearly 10 billion accounts combined, the top 10 spoofed brands listed in the report offer attackers a wide target pool, increasing the likelihood of credential theft and account takeover.

North America and Asia were the most targeted regions. For the first time this year, the X-Force Threat Intelligence Index included geo-centric insights on the threat trends we’ve seen on a regional basis. North America and Asia suffered the largest data losses, having seen 5 billion and 2 billion records compromised, respectively.

Discover More in the X-Force Threat Intelligence Index

IBM X-Force research for this report has a truly global reach, based on insights and observations from monitoring over 70 billion security events per day in more than 130 countries. For more insights about the global threat landscape and the threats most relevant to your organization, download the X-Force Threat Intelligence Index and sign up for the webinar to dive deeper into the findings from this year’s report.

Download the latest X-Force Threat Intelligence Index

Learn more about IBM Security X-Force’s threat intelligence and incident response services.

Cloud|Cloud Adoption|Cloud Security|Credentials Theft|Critical Infrastructure|Cybercrime|Cybercrime Trends|Healthcare Industry|Healthcare Security|Industrial Control Systems (ICS)|Insider Threats|Malware|Phishing|Ransomware|Risk|Social Media|Spam|Threat Intelligence|Vulnerabilities|X-Force

Limor Kessem

Principal Consultant, X-Force Cyber Crisis Management, IBM

Limor Kessem is a Principal Consultant with X-Force’s Cyber Crisis Management, helping organizations prepare for and face crisis-level cyber-attacks. Previ...


What is X-Force threat intelligence Index? ›

The IBM Security X-Force Threat Intelligence Index maps new trends and attack patterns we observed and analyzed from our data—drawing from billions of datapoints ranging from network and endpoint detection devices, incident response (IR) engagements, domain name tracking and more.

What are the top 5 major threats to cybersecurity? ›

What are the main types of cybersecurity threats?
  • Malware attack.
  • Social engineering attacks.
  • Software supply chain attacks.
  • Advanced persistent threats (APT)
  • Distributed denial of service (DDoS)
  • Man-in-the-middle attack (MitM)
  • Password attacks.
Feb 1, 2023

What are the biggest cyber security threats in 2020? ›

What are the Top Cyber Security Threats in 2020?
  • 1 – Malware. The use of malware continues to be a threat to businesses. ...
  • 2 – Metamorphic/Polymorphic Malware. ...
  • 3 – Ransomware. ...
  • 4 – AI/ML Ransomware. ...
  • 5 – Mobile Malware. ...
  • 6 – IoT-Related Threat. ...
  • 7 – Third-Party & Supply Chain Attacks. ...
  • 8 – Phishing Scams.

What are the top 5 biggest cyber threats to organization? ›

The biggest cyber security threats that small businesses face, and how you can protect yourself against them.
  • Phishing Attacks.
  • Malware Attacks.
  • Ransomware.
  • Weak Passwords.
  • Insider Threats.
Jan 19, 2023

How many cyber attacks are caused by human error? ›

According to a study by IBM, 95% of cyber security breaches result from human error.

What is meant by threat intelligence? ›

Threat Intelligence is evidence-based information about cyber attacks that cyber security experts organize and analyze. This information may include: Mechanisms of an attack.

What are the 3 major threats to cyber security today? ›

Types of cyber threats your institution should be aware of include: Malware. Ransomware. Distributed denial of service (DDoS) attacks.

What are the top 10 biggest cyber threats to organization? ›

Top 10 Cybersecurity Threats:
  1. Social Engineering. ...
  2. Third-Party Exposure. ...
  3. Configuration Mistakes. ...
  4. Poor Cyber Hygiene. ...
  5. Cloud Vulnerabilities. ...
  6. Mobile Device Vulnerabilities. ...
  7. Internet of Things. ...
  8. Ransomware.
Feb 27, 2023

What is the biggest cybersecurity threat today? ›

What are the biggest cybersecurity threats right now?
  1. Inadequate Training for Employees. ...
  2. The Misuse of the Internet of Things (IoT) ...
  3. Social Engineering. ...
  4. Mishandling Patches. ...
  5. Third-Party Vulnerability. ...
  6. Cloud Vulnerabilities. ...
  7. Ransomware. ...
  8. Insufficient Command Over Cyber Risk Management.

How many cyber attacks happened in 2020? ›

The 1,644 data breaches reported in 2020 marked 434 more reported breaches than 2019, the largest year-to-year increase on record.

What was the increase of cyber attacks in 2020? ›

In fact, 80% of firms have seen an increase in cyber attacks this year. Coronavirus is alone blamed for a 238% rise in cyber attacks on banks. Phishing attacks have seen a dramatic increase of 600% since the end of February.

Which country appears on the top of the global cybersecurity Index 2020? ›

In 2020, the United States ranked first in the Global Cybersecurity Index (GCI) with a score of 100 index points. Among the countries with the highest commitment to cyber security, the United Kingdom and Saudi Arabia shared second place with a GCI score of 99.54 for each.

What are the 6 most common types of cyber threats? ›

Types of Cyber Attacks
  • Malware Attack. This is one of the most common types of cyberattacks. ...
  • Phishing Attack. Phishing attacks are one of the most prominent widespread types of cyberattacks. ...
  • Password Attack. ...
  • Man-in-the-Middle Attack. ...
  • SQL Injection Attack. ...
  • Denial-of-Service Attack. ...
  • Insider Threat. ...
  • Cryptojacking.
Feb 7, 2023

What are the top 10 server security threats identified in the industry lately? ›

  • Viruses and worms. Viruses and worms are malicious software programs (malware) aimed at destroying an organization's systems, data and network. ...
  • Botnets. ...
  • Drive-by download attacks. ...
  • Phishing attacks. ...
  • Distributed denial-of-service (DDoS) attacks. ...
  • Ransomware. ...
  • Exploit kits. ...
  • Advanced persistent threat attacks.

Are 90% of cyber attacks due to human error? ›

More than 90% of cyberattacks are made possible, to a greater or lesser extent, by human error, according to IBM data. Therefore, despite technological advances to minimise threats, the first major line of defence is the awareness and good practices of users.

What were the 3 biggest cyber attacks ever made? ›

We can always learn from the past, so let's take a look at some of history's biggest cyber attacks:
  • Adobe Cyber Attack. ...
  • The 2014 Cyber Attack on Yahoo. ...
  • Ukraine's Power Grid Attack. ...
  • 2017 WannaCry Ransomware Cyber Attack. ...
  • A Cyber Attack on Marriott Hotels. ...
  • The biggest password leak yet.
Feb 13, 2023

What are the 3 most common cyber attacks? ›

What are the 10 Most Common Types of Cyber Attacks?
  • Malware.
  • Denial-of-Service (DoS) Attacks.
  • Phishing.
  • Spoofing.
  • Identity-Based Attacks.
  • Code Injection Attacks.
  • Supply Chain Attacks.
  • Insider Threats.
Feb 13, 2023

What are the 3 types of threat intelligence data? ›

Cyber Threat Intelligence is categorized into three types: Tactical, Operational, and Strategic. CTI uses a third category, tactical, to describe the technical indicators and behaviors used to inform network level action and remediation.

What are the three key elements of threat intelligence? ›

Three Key Elements that a modern CTI program includes:

Security Orchestration, Automation, and Response (SOAR) ensure security teams detect and respond faster to emerging threats.

What are four types of cyber threat intelligence? ›

There are three kinds of cyber threat intelligence: strategic, tactical and operational. Strategic threat intelligence: This is a high-level assessment of potential threats, identifying who might be interested in attacking the organization or companies in its industry and their motivations.

What are the top cybersecurity risks 2023? ›

The top cybersecurity risks of 2023 include a shortage of trained cyber professionals, international strife and continued vulnerabilities in critical infrastructure services, according to a new report from the Bipartisan Policy Center.

What are the top cybersecurity challenges? ›

Top 10 Challenges of Cyber Security Faced in 2022
  • Ransomware attacks.
  • IoT attacks.
  • Cloud attacks.
  • Phishing attacks.
  • Blockchain and cryptocurrency attacks.
  • Software vulnerabilities.
  • Machine learning and AI attacks.
  • BYOD policies.

What are the top 3 targeted industries for cyber security? ›

must read. Over half of ransomware attacks are targeting one of three industries; banking, utilities and retail, according to analysis by cybersecurity researchers – but they've also warned that all industries are at risk from attacks.

Who has the strongest cyber security? ›

The 5 Most Cyber Secure Countries
  • United States. While cybercrime is an issue in the United States, it is also true that the United States is the country with the best infrastructure to tackle it and has the most cybersecurity firms in the world calling it home. ...
  • Finland. ...
  • United Kingdom. ...
  • Republic of Korea. ...
  • Denmark.

What are the top 3 biggest data breaches so far in 2020? ›

Biggest Data Breaches in 2020
  • Pakistani Mobile Operators. Date: April 2020. Impact: 115,000,000 records. ...
  • SolarWinds. Date: December 2020. Impact: 50,000,000 records. ...
  • MGM Hotels. Date: February 2020. Impact: 10,600,000 users. ...
  • Dutch Government. Date: March 2020. ...
  • Marriott International. Date: January to March 2020.
Feb 28, 2023

What is the biggest cyber hack 2020? ›

The Solar Winds hack was perhaps one of the most damaging cyberattacks of 2020. It was a masterfully conducted supply chain hack that compromised multiple governments and private company systems all across the globe. In December 2020, the attack was first discovered by a Cyber Security firm called Fire Eye.

What is the famous cyber crime 2020? ›

  • SBI Data Breach (January 2019) ...
  • JustDial Data Breach (April 2019) ...
  • Healthcare Records Breach (August 2019) ...
  • Unacademy Data Breach (May 2020) ...
  • Bigbasket For Sale on Dark Web (October 2020) ...
  • Juspay for Sale on Dark Web (January 2021) ...
  • Covid-19 Test Results of Indians (January 2021) ...
  • Police Exam Applicants Data (Februrary 2021)

How many computers are hacked each day 2020? ›

According to Security Magazine, there are over 2,200 attacks each day which breaks down to nearly 1 cyberattack every 39 seconds.

What rank is the US in cyber security? ›

Cyber surveillance power: When it comes to cyber surveillance, China is the most powerful in cyber. Researchers say Russia is second in the category and the United States is third.

What country is the biggest cybersecurity threat? ›

1. China – a Hotbed of Hackers. China has continued to wage large scale cyber attacks, and this includes stealing intellectual property.

What are the 8 common cyber threats? ›

8 Common Cybersecurity Threats and How to Prevent Them
  • 1) Ransomware. ...
  • 2) Social Engineering/Phishing. ...
  • 3) Unpatched Systems and Misconfigurations. ...
  • 4) Credential Stuffing. ...
  • 5) Password Cracking Attacks. ...
  • 6) Man-in-the-Middle Attacks. ...
  • 7) Denial-of-Service Attacks. ...
  • 8) Drive-by Download Attacks.
Nov 10, 2022

What are the three major types of threats? ›

A threat can be spoken, written, or symbolic.

Which are the top 3 security threat intelligence products and services? ›

Top 7 Threat Intelligence Platforms
  • Anomali ThreatStream.
  • IBM X-Force Exchange.
  • IntSights Threat Intelligence Platform.
  • LookingGlass Cyber Solutions.
  • Recorded Future.
  • SolarWinds Security Event Manager.
  • ThreatConnect.
Feb 10, 2023

What is the most common source of security threats? ›

1. Malware – Surveillanceware and Ransomware. Malware stands for malicious software and is the catchall term for any piece of software designed to either damage devices or (as is more common) steal important data. There are many types of malware that can affect your system.

What are the 5 C's of cyber security? ›

The five C's of cyber security are five areas that are of significant importance to all organizations. They are change, compliance, cost, continuity, and coverage. The top priority of organizations all over is having security protective of their digital and physical assets.

What are the six 6 types of attacks on network security? ›

The Six Types of Cyberattacks You're Most Likely to Face
  • Phishing Attacks. Phishing attacks are one of the most common types of cyberattacks. ...
  • Social Engineering Attacks. ...
  • Ransomware Attacks. ...
  • Malware and Virus Attacks. ...
  • Denial-of-Service (DoS) Attacks. ...
  • Spyware and Adware Attacks.

Is IBM Xforce free? ›

IBM X-Force Exchange is free to use via a guest login through the web interface at xforce.ibmcloud.com. A free X-Force Exchange non-commercial API is also available for limited use.

What is Xforce exchange? ›

IBM X-Force Exchange is a cloud-based threat intelligence platform that allows you to consume, share, and act on threat intelligence. It enables you to rapidly research the latest global security threats, aggregate actionable intelligence, consult with experts, and collaborate with peers.

What is opfor in cybersecurity called? ›

Observed improvements include enhanced protection of some network elements, greater challenges for cyber opposing forces (OPFOR) attempting to gain access to networks, and greater awareness by DOD leadership of the potential impact that cyber attacks could have on key systems and the critical missions they support.

Is XDR a soar? ›

A quick response reduces dwell time and contains an intruder quickly, limiting the impact of an attack. SOAR is a very valuable addition to SIEM. In contrast, XDR offers advanced detection, rapid response, and intuitive automation that meets most customers' needs without the added cost of a SOAR solution.

Can I use IBM cloud for free? ›

There are no costs that are associated with signing up, and you can try out IBM Cloud for free. You pay only for billable services that you choose to use, with no long-term contracts or commitments.

Is IBM cloud free for IBM employees? ›

Your free IBM Cloud account is a Pay-as-You-Go account and includes access to 50+ products with a free tier. Only pay for what you use beyond the free tier. No fees or upfront commitments, cancel anytime.

Is IBM ID free? ›

The account is free - no credit card required. The account never expires. You receive email notifications about your account status and quota limits. You can create one instance of any service in the IBM Cloud catalog that has a Lite plan.

What is QRadar App Exchange? ›

Download and install apps that extend QRadar® functionality from the IBM Security App Exchange. The IBM Security App Exchange is a community-based sharing hub, that you use to share apps across IBM Security products.

What are four types of cyber threat intelligence any four? ›

Cyber Threat Intelligence is mainly categorized as strategic, tactical, technical, and operational.

What are the two types of attacks in cyber security? ›

The different types of cyber-attacks are malware attack, password attack, phishing attack, and SQL injection attack.


Top Articles
Latest Posts
Article information

Author: Horacio Brakus JD

Last Updated: 07/09/2023

Views: 5327

Rating: 4 / 5 (51 voted)

Reviews: 82% of readers found this page helpful

Author information

Name: Horacio Brakus JD

Birthday: 1999-08-21

Address: Apt. 524 43384 Minnie Prairie, South Edda, MA 62804

Phone: +5931039998219

Job: Sales Strategist

Hobby: Sculling, Kitesurfing, Orienteering, Painting, Computer programming, Creative writing, Scuba diving

Introduction: My name is Horacio Brakus JD, I am a lively, splendid, jolly, vivacious, vast, cheerful, agreeable person who loves writing and wants to share my knowledge and understanding with you.