IBM: "266% Increase in the Use of Infostealers"

One striking conclusion from the annual Threat Intelligence Index by IBM X-Force is the 266% increase in the use of infostealers in 2023 compared to 2022. IBM attributes this to the specialization of former ransomware groups in infostealers and the emergence of new stealers like LummaC2. But what does this 266% increase actually mean, and how is it measured?

Deeper into the report, the statistic is explained: the 266% increase refers to "infostealer-related activity." However, this is different from the general use of infostealers, and it is not entirely clear what is meant by "activity."

The most likely explanation comes from this line: "The past year has seen a significant rise in the number of and threat actor interest in infostealers." Here, two different units are mentioned: the number of types of infostealers and the level of interest in these tools on dark web forums. It’s difficult to interpret this as a single clear statistic.

The confusion these kinds of statistics can cause is also evident from an analysis by two IBM employees on IBM’s website: "Info stealers have seen a staggering 266% increase in their utilization, emphasizing their role in acquiring these credentials." Here, the focus seems to be on the application of infostealers, while the report itself talks about types of infostealers and interest in infostealers.

‍Conclusion

‍IBM X-Force provides valuable insights into the growth of infostealers, but the 266% statistic may give a skewed impression. As shown, it has already led to confusion within IBM itself. Our advice: clarify what exactly is being measured and show the trend over multiple years to better assess the development.