Last year was a busy one for cybercriminals: The number of leaked records grew from 600 million to more than 4 billion by the end of the year—an increase of 566%, according to the 2017 IBM X-Force Threat Intelligence Index, released Wednesday.
As hacking methods evolve, these leaked records included not only credit card numbers, passwords, and personal health information, but also unstructured data such as email archives, business documents, intellectual property, and source code.
IBM’s index examines data from more than 8,000 security clients in 100 countries, which is collected via spam sensors and honeynets.
“Cybercriminals continued to innovate in 2016 as we saw techniques like ransomware move from a nuisance to an epidemic,” said Caleb Barlow, IBM Security’s vice president of threat intelligence, in a press release. “While the volume of records compromised last year reached historic highs, we see this shift to unstructured data as a seminal moment. The value of structured data to cybercriminals is beginning to wane as the supply outstrips the demand. Unstructured data is big-game hunting for hackers and we expect to see them monetize it this year in new ways.”
Financial services represented the most attacked industry overall in 2016, shifting from healthcare in 2015. However, information and communications experienced the highest number of incidents and records breaches in 2016, with 3.4 billion records leaked. Government agencies followed, with 398 million records leaked.
The ransomware epidemic is partly to blame, IBM stated. Last year, another IBM study found that, of businesses attacked by ransomware, 70% paid more than $10,000 to unlock their business data and systems. The FBI estimated that in the first three months of 2016, victims of ransomware paid cybercriminals $209 million—putting them on pace to make nearly $1 billion by the end of the year.
Ransomware is commonly deployed via malicious email attachments, which led to a 400% increase in spam year over year in 2016, IBM noted. And about 44% of all spam messages contained malicious attachments, according to the report.
For tips on protecting your business against ransomware and mitigating attacks, click here.