In 2023, cybercriminals found a new way to infiltrate corporate networks: exploiting valid accounts rather than using traditional hacking methods. IBM’s 2024 X-Force Threat Intelligence Index highlights this shift in tactics, pointing to a growing trend in which threat actors prefer to “log in” using compromised credentials obtained from the dark web.
According to the report, attacks on critical infrastructure sectors have revealed a significant oversight in industry security practices. In nearly 85% of these attacks, mitigation could have been achieved through basic security measures such as patching, multi-factor authentication (MFA), or least-privilege principles. This suggests that achieving what was historically considered “basic security” may be more challenging than previously thought.
Ransomware attacks on enterprises saw a decrease of nearly 12% last year, with larger organizations opting against paying ransoms and instead choosing to rebuild their infrastructure. This shift in approach is likely to impact the revenue expectations of adversaries who rely on encryption-based extortion, leading some groups to pivot towards infostealers.
X-Force analysis also predicts that when a single generative AI technology gains a significant market share or when the market consolidates to three or fewer technologies, it could trigger large-scale attacks against these platforms. This highlights the importance of addressing security fundamentals, as enterprises continue to face threats related to identity compromise and misuse.
Exploiting valid accounts has become a prevalent strategy for cybercriminals, with billions of compromised credentials available on the dark web. X-Force noted a 266% increase in infostealing malware designed to steal personally identifiable information, emphasizing the need for enhanced detection and response measures by enterprises.
Identity-based threats pose a unique challenge for security teams, requiring them to distinguish between legitimate and malicious user activity on the network. Responses to breaches caused by stolen credentials are significantly more complex and time-consuming, as highlighted in IBM’s 2023 Cost of a Data Breach Report.
Adversaries targeting critical infrastructure organizations have been exploiting public-facing applications, phishing emails, and valid accounts to gain access to sensitive networks. X-Force data reveals that nearly 70% of the attacks X-Force responded to were against critical infrastructure organizations, underscoring the urgency for these entities to strengthen their security posture and incident response capabilities.
Despite a decrease in phishing attacks globally, Europe remains a prime target, with the region experiencing the highest number of ransomware incidents. The use of generative AI in phishing attacks is expected to increase efficiency and speed, making it a persistent threat for organizations.
Overall, the evolving landscape of cyber threats highlighted in IBM’s report underscores the need for organizations to prioritize security fundamentals, address vulnerabilities, and stay vigilant against emerging tactics employed by cybercriminals. As the use of AI technologies continues to grow, securing critical infrastructure and sensitive data remains a top priority for enterprises worldwide.
