CIO Influence

IBM Report Highlights Identity Vulnerabilities and Recovery Challenges for Enterprises

IBM has unveiled its latest report findings in the 2024 X-Force Threat Intelligence Index, highlighting a growing global identity crisis. The IBM report underscores a significant surge in cybercriminals’ exploitation of user identities to infiltrate enterprises worldwide. According to IBM X-Force, the security arm of IBM Consulting specializing in offensive and defensive security services, 2023 witnessed a notable shift. Cybercriminals increasingly favored exploiting valid user accounts to gain unauthorized access to corporate networks, surpassing traditional hacking methods.

The X-Force Threat Intelligence Index draws insights from extensive monitoring, encompassing over 150 billion security events daily across more than 130 countries. This comprehensive analysis is derived from various IBM sources, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red, and IBM Managed Security Services, as well as Red Hat Insights and Intezer data contributions. These collective efforts have culminated in the comprehensive findings presented in the 2024 report.

Key Highlights from the Report:

Attacks on Critical Infrastructure Expose Industry Vulnerabilities

  • Analysis reveals that in nearly 85% of attacks on critical sectors, adequate mitigation measures such as patching, multi-factor authentication, or least-privilege principles could have significantly reduced compromise.
  • This underscores the challenge of achieving what the security industry historically deemed “basic security,” suggesting a more complex landscape than previously assumed.

Ransomware Groups Adapt Business Strategies

  • Ransomware attacks targeting enterprises experienced a notable decline of nearly 12% in the past year.
  • Larger organizations are increasingly refraining from paying ransoms and opting to rebuild infrastructure instead, prompting ransomware groups to explore alternative revenue streams such as infostealers.

Limited Return on Investment from Attacks on Generative AI

  • X-Force analysis predicts that large-scale attacks against generative AI technologies may not yield substantial returns until a single technology commands around 50% market share or market consolidation reduces the number of technologies to three or fewer.

Expert Insight:

Charles Henderson, Global Managing Partner at IBM Consulting and Head of IBM X-Force, emphasizes the enduring significance of security fundamentals amidst evolving threats: “While ‘security fundamentals’ doesn’t get as many head turns as ‘AI-engineered attacks,’ it remains that enterprises’ biggest security problem boils down to the basic and known – not the novel and unknown.” Henderson warns that the misuse of identity in cyberattacks persists as adversaries leverage advancements in AI to optimize this tactic, posing a growing threat to enterprises.

A Growing Global Identity Crisis

Cybercriminals increasingly exploit their preferred infiltration method, tapping into the vast reservoir of compromised credentials readily available on the Dark Web. In 2023, IBM X-Force observed a significant surge in cyber attackers’ efforts to acquire users’ identities, marked by a staggering 266% increase in info-stealing malware explicitly designed to pilfer personally identifiable information such as email credentials, social media logins, messaging app accounts, banking credentials, crypto wallet data, and more.

This avenue of attack presents a formidable challenge for enterprises, as it offers cybercriminals an “easy entry” that is inherently difficult to detect. According to X-Force findings, significant security incidents stemming from attackers’ use of valid accounts necessitated response measures that were nearly 200% more complex than the average incident. Security teams are faced with the arduous task of distinguishing between legitimate user activity and malicious actions within their networks. IBM’s 2023 Cost of a Data Breach Report revealed that breaches resulting from stolen or compromised credentials entailed a response lifecycle of approximately 11 months, the longest among all infection vectors.

The pervasive nature of these identity-based threats was underscored by the joint operation conducted by the FBI and European law enforcement in April 2023, targeting a global cybercrime forum responsible for amassing the login data of 80 million accounts. As adversaries continue to exploit identities, the integration of generative AI technologies further augments their capabilities. X-Force’s observations in 2023 revealed a substantial uptick in discussions about AI and GPT (Generative Pre-trained Transformer) models across Dark Web forums, indicating cybercriminals’ keen interest in leveraging these innovations to enhance their attacks.

Cyber Adversaries Infiltrate Critical Infrastructure Networks

A concerning trend emerged as IBM X-Force investigated cyber threats: nearly 70% of the attacks addressed by X-Force targeted critical infrastructure organizations globally. This revelation underscores cybercriminals’ strategic focus on exploiting the reliance of these high-value targets on uninterrupted operations to achieve their nefarious goals.

The analysis further revealed that almost 85% of the attacks on critical infrastructure stemmed from various vectors, including exploiting vulnerabilities in public-facing applications, phishing emails, and leveraging valid user accounts. Of particular concern is the heightened risk posed by the latter method. According to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA), most successful attacks on government agencies, critical infrastructure entities, and state-level governmental bodies in 2022 involved the unauthorized use of valid accounts.

Securing Generative AI: Navigating the Next Frontier in Cybersecurity

The rise of generative AI represents a pivotal juncture in cybersecurity. Cyber adversaries traditionally target technologies ubiquitous across organizations to maximize their campaign returns. This echoes historical trends where ransomware leveraged Windows Server dominance, BEC scams capitalized on Microsoft 365 prevalence, and crypto-jacking exploited Infrastructure-as-a-Service consolidation.

IBM X-Force’s analysis suggests that the maturation of generative AI as an attack surface hinges on achieving market dominance. This could materialize with a single technology capturing around 50% of the market share, or with consolidation reducing dominant technologies to three or fewer. This anticipated milestone is expected to incentivize cybercriminals to intensify their investment in developing novel tools and strategies. Although generative AI is currently in a pre-mass adoption stage, enterprises must proactively fortify their AI models to address potential risks preemptively. Additionally, organizations must acknowledge that their existing infrastructure is an entry point for cyber threats to target AI models. Consequently, a comprehensive and integrated security approach, as outlined in the IBM Framework for Securing Generative AI, is imperative in safeguarding against evolving cyber threats in the age of AI advancement.

Exploring Additional Insights:

Europe: A Prime Target for Adversaries

Nearly one in three observed cyber attacks worldwide was directed towards Europe, making it a preferred target for cyber adversaries. Additionally, Europe experienced the most ransomware attacks globally, constituting 26% of all reported incidents.

Decline in Phishing Attacks, but an Ongoing Threat

Despite a 44% decrease in volume compared to the previous year, phishing attacks remain a significant concern as a prominent infection vector. With the potential integration of AI to optimize these attacks and X-Force research indicating a possible acceleration of attacks by nearly two days, phishing continues to be a favored tactic among cybercriminals.

Universal Vulnerability Across Environments

Analysis from Red Hat Insights uncovered widespread vulnerabilities, with 92% of customers found to have at least one CVE with known exploits unaddressed during scanning. Moreover, 80% of the top ten vulnerabilities detected across systems in 2023 were rated as ‘High’ or ‘Critical’ according to the CVSS base severity score.

Emergence of “Kerberoasting” Attacks

X-Force noted a significant uptick of 100% in “kerberoasting” attacks, wherein attackers exploit Microsoft Active Directory tickets to impersonate users and escalate privileges.

Impact of Security Misconfigurations

Findings from X-Force Red penetration testing engagements highlighted the prevalence of security misconfigurations, accounting for 30% of total exposures identified. These tests revealed over 140 potential avenues for attackers to exploit misconfigurations, highlighting the critical need for robust configuration management practices to analyze posture comprehensively.

FAQs

1. What insights do the reports provide regarding the global cybersecurity landscape?

The reports comprehensively analyze the cybersecurity landscape, including emerging trends, prevalent attack vectors, and notable threat actors. They provide valuable insights into the evolving tactics employed by cybercriminals, as well as recommendations for organizations to enhance their security posture.

2. How do the reports highlight the impact of cyber attacks on critical infrastructure organizations?

The reports shed light on the significant targeting of critical infrastructure organizations by cyber adversaries, revealing the implications of such attacks on essential services and national security. They explore the tactics utilized by threat actors to exploit vulnerabilities in critical infrastructure systems and offer recommendations for mitigating these risks.

3. What are the key findings regarding ransomware attacks and their implications for enterprises?

The reports analyze the prevalence of ransomware attacks on enterprises and their evolving nature, including changes in attack volume and tactics. They assess the impact of ransomware incidents on organizations, such as financial losses, operational disruptions, and reputational damage, and provide guidance on ransomware prevention, detection, and response strategies.

4. How do the reports address the role of artificial intelligence (AI) in cyber threats?

The reports examine cybercriminals’ growing use of AI to enhance their attack capabilities, including developing AI-powered malware and evasion techniques. They assess the potential risks posed by AI-driven attacks and offer insights into defensive measures and AI security frameworks to mitigate these threats effectively.

5. What recommendations do the reports offer for organizations to improve their cybersecurity posture?

The reports provide actionable recommendations for organizations to strengthen their cybersecurity defenses, including prioritizing patch management, implementing multi-factor authentication, conducting regular security assessments, and fostering a culture of cybersecurity awareness. They emphasize the importance of proactive measures to mitigate risks and enhance resilience against evolving cyber threats.
