IBM: Identity compromises become primary method of initial access for cyberspace

esteria.white

Cybercriminals are moving away from hacking into corporate networks and instead using legitimate credentials to access and compromise them, with a 71% increase in cyberattacks caused by identity exploitation, according to IBM.

In its X-Force Threat Intelligence Index 2024, published on February 21, 2024, IBM observed that the compromise of valid identities represented 30% of the total initial access vectors used in 2023.

This represents a big jump from 2022, when this method accounted for only 16% of initial access vectors.

Phishing also accounted for 30% of initial access vectors used in 2023, down 11% from 2022.

Top initial access vectors observed by X-Force in 2022 and 2023 and their associated IDs from the MITRE ATT&CK matrix. Incidents may be subject to several observed initial access techniques. Source: IBM X-Force

There are several ways to obtain valid accounts, including:

  • Obtaining, and sometimes buying, credentials and databases from previous data breaches sold on the dark web
  • Using infostealers, malware designed to steal personal and corporate credentials, personally identifiable information, and banking and crypto wallet information

In 2023, X-Force observed a 266% increase in information-stealing malware.

Businesses need unified identity access management solutions

Julian David, CEO of techUK, commented: “At a time of increasing sophistication of cybercriminals exploiting legitimate accounts to breach enterprise defenses, IBM’s X-Force Threat Intelligence Index serves as a real signal alarm.”

In a public statement from IBM, Martin Borrett, CTO of IBM Security for the United Kingdom and Ireland (UKI), suggested ways to mitigate this growing threat.

“Addressing cybersecurity challenges requires a strategic approach, with a focus on strengthening fundamental security measures. Streamlining identity management through a unified identity and access management (IAM) provider and fortifying existing applications with modern security protocols are crucial steps to mitigating risk.

“Additionally, subjecting your system to rigorous stress testing by competent offensive security teams is invaluable in uncovering potential weaknesses. This information is critical to developing a robust incident response plan that involves all teams, from IT professionals to senior management.”

Other key findings from the 2024 Threat Intelligence Index

Other key findings from X-Force Threat Intelligence Index 2024 include:

  • A focus on critical infrastructure, with nearly 70% of attacks worldwide targeting critical infrastructure in 2023
  • An 11.5% drop in ransomware attacks targeting businesses in 2023
  • Data theft and data breach incidents are the biggest impact of cyberattacks, with 32% of global incidents observed in 2023 resulting in a data breach
  • A growing trend of using legitimate tools for hacking purposes, with 32% of cyberattacks involving this tactic

Main impacts observed by X-Force during incident response missions in 2023. Incidents can have several observed impacts. Source: IBM X-Force

According to IBM, the most targeted region was Europe, accounting for 32% of global cyberattacks in 2023.

Manufacturing was the most targeted industry, accounting for 25.7% of all attacks observed in 2023. Malware was used in 45% of incidents.

Finally, IBM estimated that AI has not posed a serious threat so far, but that it could become one in the future.

“When a single generative AI technology approaches 50% market share or when the market consolidates into three or fewer technologies, this could trigger large-scale attacks against these platforms,” the report said.

Charles Henderson, Director of IBM: “The biggest enterprise security problem comes down to the basic and known, not the novel and unknown. Identity is used again and again against businesses, a problem that will worsen as adversaries invest in AI to optimize tactics.”

The X-Force Threat Intelligence Index 2024 is based on insights and observations from monitoring more than 150 billion daily security events in more than 130 countries.

Additionally, data is collected and analyzed from multiple sources within IBM, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, as well as data provided by Red Hat Insights and Intezer, owned by IBM.
