Download the full report for free: http://ibm.co/xforce14 The latest research from IBM X-Force reveals how operationally sophisticated attacks are compromising central strategic targets and maximizing the length and severity of the breach, resulting in the leak of over half a billion records of personally identifiable information (PII) in 2013. In February, IBM X-Force released the IBM X-Force Threat Intelligence Quarterly report which explores the latest security trends based on 2013 data and ongoing research. This marks the first issue of a new compact and focused format, which now includes data collected from the researchers at Trusteer, an IBM company since September, 2013. Download the full report for free: http://ibm.co/xforce14

1. Attackers continue to
optimize and refine target
selection by finding
central strategic targets
More than half a billion records of personally
identifiable information (PII) such as names,
emails, credit card numbers and passwords
were leaked in 2013—and these security
incidents show no signs of stopping.
HALF A
BILLION
REASONS
Why data security still
faces major challenges
Attackers continue to successfully use operational sophistication as demonstrated by:
A single payment processor breach resulting
in coordinated ATM heists in more than
24 countries for a ten-hour spree netting
$45 million.*
Precise coordination and early testing for a
major retail heist of credit card systems
before quietly launching the full attack and
exfiltrating data during the busy holiday season.
Attackers are targeting Java vulnerabilities over others to
exploit end-user applications and infiltrate organizations
Oracle Java is a top target for exploits,
exposing organizations to attacks.
Weaponized content is being delivered via spear-phishing
and exploit sites
Attackers use spear-phishing messages to draw users to websites that contain hidden malicious Java applets
(exploit sites). Once the user accesses the exploit site, the hidden Java applet exploits vulnerabilities to cause a
chain of events that ends with the delivery of the malware to the user’s machine, without the user’s awareness.
Key central targets
DNS providers
Social media
CMS and popular
forum software sites
Top attack techniques
Distributed denial of
service (DDoS)
SQL injection (SQLi)
Malware
Top industries attacked
Computer services
Government
Financial markets
US retail
Java
50%
208
Adobe
Reader
Others
Browsers
Java vulnerabilities
have more than
tripled in the last year.
2012
68
20112010 2013
ibm.com/security/xforce
Download the full IBM X-Force Threat Intelligence Quarterly—1Q 2014 to learn more
about the latest vulnerability statistics, attack trends and data breaches.
© Copyright IBM Corporation 2014. IBM, the IBM logo, ibm.com and X-Force are trademarks of International Business
Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM
or other companies. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at
www.ibm.com/legal/copytrade.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.
* http://www.nydailynews.com/new-york/cyber-thieves-busted-45-million-heist-article-1.1339051