Curricula - Knowledge - Navigation

X-Force Threat Intelligence Index 2019

Created by IBM security, the annual X-Force Threat intelligence Index is outlining the most prominent threats of the last year.

The full report and the IBM Infographic can be accessed here. This Article will summarise its main findings to provide an overview of the threat landscape. This report covers the year 2018 and was published in 2019. IBM is an American IT- and consulting company, based in Armonk.


In 2018 2,727,359,895 records were leaked or stolen in public disclosed incidents according to IBM (2019). The IBM data shows, that incidents first peaked in February and April, before building up from June to September, which saw the most amount of records stolen or leaked, before gradually declining.

In comparison, the IBM data highlights, that while in 2017 a similar number of records were leaked or stolen, in 2016 more than 6 billion records were affected. Thus, while the amount of records impacted has significantly declined from 2016 to 2017, no such decline could be measured in 2018. Moreover, as the IBM´s data is based on public disclosed incidents the actual number is likely to be higher.

According to IBM (2019) the main targets of cyber-attacks in 2018 were:

  • Finance and insurance Sector (19%);
  • Transportation Sector (13%);
  • Professional service Sector, made up of companies that provide specialized consulting services, (12%);
  • Retail Sector (11%).

On the other hand, the number one host of malware command-and-control servers was the US, with 36% of the total number of such servers.

Additionally, nearly 40% of all spam in 2018 originated from China. IBM was able to attribute the major share of those to two spam-campaigns launched from Chinese-based hosts.

The Report also observed, that cybercriminals moved away from ransomware focused on “cryptojacking and other malicious cryptomining attacks”. Over the course of 2018, IBM tracked an increase of such attacks by 450%. According to Malwarebytes, Malicious cryptomining hides on a computer and uses its resources to “mine” cryptocurrencies. The website of Malwarebytes provides more information on cryptomining attacks and how to protect oneself against them and can be found here.

Further, IBM (2019) identified that in 57% of the breaches their team responded to the perpetrators moved away from using malicious files. Instead, IBM found, they were using existing tools within the victim’s environment, like: “PowerShell or WMI command-line (WMIC) utility”.

The report shows, that the targets of phishing attacks in 27% of the reported cases were users of webmail services. According to IBM (2019): “Given the increase in organizations moving to services hosted in the cloud1, we expect cloud resources to continue to be a popular target”.

Moreover, IBM calculated that: “human error such as misconfigured cloud servers, unsecured cloud databases, and improperly secured rsync backups were responsible for 43% of publicly disclosed misconfiguration incidents.” In 2017 the percentage of misconfiguration incidents caused by human error, laid at 17%. Hence, there appears to be a need to provide more training in order to prevent this number from rising.


Note: This Article is based on the IBM´s X-Force threat Intelligence Index 2019

Author: Niklas Hamann


IBM (2019). X-Force threat Intelligence Index 2019 Available at:


cybercrime, IBM, Trends