IBM’s latest report on data breaches reveals attackers are now more interested in stealing personal data for identity theft than they are simply taking credit card details. It also found that big companies would rather just pass on the costs to consumers, than spend more on security …
The X-Force Threat Intelligence Index 2023 says that attackers are now more interested in stealing the personal data of consumers than they are obtaining credit card details.
Almost every phishing kit analyzed in the data sought to gather names at 98% and email addresses at 73%, followed by home addresses at 66% and passwords at 58%. Credit card information, targeted 61% of the time in 2021, fell out of favor for threat actors—data shows it was sought in only 29% of phishing kits in 2022, a 52% decline.
The report says that this is a bad sign, suggesting more interest in identity theft than in immediate gains.
Lower instances of phishing kits seeking credit card data indicate that phishers are prioritizing personally identifiable information (PII), which allows them broader and more nefarious options. PII can either be gathered and sold on the dark web or other forums or used to conduct further operations against targets.
Phishing – where employees are tricked into logging in to a fake version of a website – remains the most common form of attack, suggesting that companies need to do more to warn staff not to click on links in emails they were not expecting.
Phishing, whether through attachment, link or as a service, remains the lead infection vector, which comprised 41% of all incidents […]
Across 2022’s penetration tests for clients, X-Force Red found that approximately 54% of tests revealed improper authentication or handling of credentials.
As Silicon Angle notes, companies seem content to remain rather relaxed about data breaches, with more of them willing to simply pass on the costs to consumers instead of spending money on security measures.
According to the report, businesses are divided in how they plan to handle the increasing cost and frequency of data breaches. The study found that though 95% of studied organizations have experienced more than one breach, breached organizations were more likely to pass incident costs onto consumers — 57% — than to increase security investments, at 51%.
Photo: Kevin Matos/Unsplash
FTC: We use income earning auto affiliate links. More.
Comments