IBM Report: Identity Comes Under Attack, Straining Enterprises' Recovery Time from Breaches

Rhea-AI Summary

IBM's 2024 X-Force Threat Intelligence Index reveals a global identity crisis as cybercriminals exploit user identities, with a 71% spike in cyberattacks. Attacks on critical infrastructure show a need for basic security measures, ransomware groups pivot to infostealers, and generative AI faces potential at-scale attacks. Europe is a prime target for cyberattacks, and phishing attacks decrease but remain a threat.

Positive

• IBM's X-Force Threat Intelligence Index highlights a global identity crisis with cybercriminals exploiting user identities.
• 71% spike in cyberattacks due to exploiting user identities.
• Attacks on critical infrastructure show the importance of basic security measures.
• Ransomware groups shift to infostealers as larger organizations refuse to pay ransom.
• Generative AI may face at-scale attacks as it approaches market dominance.
• Europe is a prime target for cyberattacks, with a significant number of attacks observed.
• Phishing attacks decrease in volume but remain a persistent threat.
• Security misconfigurations and vulnerabilities pose significant risks to organizations.

Negative

• Ransomware attacks saw a nearly 12% drop last year, impacting adversaries' revenue expectations.
• ROI from attacks on generative AI is not currently viable.
• Identity-based threats are expected to grow as cybercriminals leverage generative AI.
• Nearly 70% of attacks targeted critical infrastructure organizations globally.
• Phishing attacks saw a 44% decrease in volume from 2022.
• Security misconfigurations accounted for 30% of total exposures identified.

Insights

Cybersecurity Expert

The recent surge in cyberattacks, particularly those exploiting identities, signals a growing trend that organizations must urgently address. The shift towards using valid accounts to gain access to corporate networks presents a challenge in distinguishing between legitimate and malicious activities. The increased complexity of response measures required by security teams, as reported by IBM X-Force, underscores the need for robust identity and access management (IAM) strategies. The emphasis on multi-factor authentication and least-privilege principles is critical, as these attacks often exploit weaknesses in these areas. Furthermore, the significant time to detect and recover from breaches caused by compromised credentials, approximately 11 months, highlights the importance of proactive monitoring and rapid incident response capabilities.

AI Technology Analyst

The projection that generative AI technologies could become a new attack vector once market consolidation occurs is a notable insight into the evolving landscape of cyber threats. As generative AI approaches significant market share, the potential for at-scale attacks increases. This prediction necessitates that organizations not only secure their AI models but also their underlying infrastructure. The IBM Framework for Securing Generative AI offers a holistic approach to this issue, emphasizing the integration of AI security within broader cybersecurity strategies. Early adoption of these practices could mitigate the risks associated with the AI market's maturation and the corresponding cyber threats.

Market Research Analyst

The report's findings on the geographical distribution of cyberattacks, with Europe bearing the brunt, could influence how businesses in different regions prioritize their cybersecurity investments. The decline in ransomware attacks suggests a shift in cybercriminal tactics, potentially due to organizations' reluctance to pay ransoms and opting to rebuild infrastructure instead. This trend may impact the cybersecurity market, as demand for services and solutions that address emerging threats, such as infostealers and AI-targeted attacks, is likely to increase. Understanding these shifts is vital for stakeholders to adapt their cybersecurity strategies and for investors to identify sectors that may experience growth in demand for advanced security measures.

-71% spike in cyberattacks caused by exploiting identity
- 50% AI market share milestone to trigger a cyber problem
- Nearly 70% of attacks globally targeted critical infrastructure in 2023
- Europe feels brunt of cyberattacks, making up 32% of global incidents

CAMBRIDGE, Mass., Feb. 21, 2024 /PRNewswire/ -- IBM (NYSE: IBM) today released the 2024 X-Force Threat Intelligence Index highlighting an emerging global identity crisis as cybercriminals double down on exploiting user identities to compromise enterprises worldwide. According to IBM X-Force, IBM Consulting's offensive and defensive security services arm, in 2023, cybercriminals saw more opportunities to "log in" versus hack into corporate networks through valid accounts – making this tactic a preferred weapon of choice for threat actors.

The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries. In addition, data is gathered and analyzed from multiple sources within IBM, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, and data provided from Red Hat Insights and Intezer , which contributed to the 2024 report.

Some of the key highlights include:

• Attacks on critical infrastructure reveal industry "faux pas." In nearly 85% of attacks on critical sectors, compromise could have been mitigated with patching, multi-factor authentication, or least-privilege principals – indicating that what the security industry historically described as "basic security" may be harder to achieve than portrayed.
• Ransomware groups pivot to leaner business model. Ransomware attacks on enterprises saw a nearly 12% drop last year, as larger organizations opt against paying and decrypting, in favor of rebuilding their infrastructure. With this growing pushback likely to impact adversaries' revenue expectations from encryption-based extortion, groups that previously specialized in ransomware were observed pivoting to infostealers.
• ROI from attacks on generative AI not there – yet. X-Force analysis projects that when a single generative AI technology approaches 50% market share or when the market consolidates to three or less technologies, it could trigger at-scale attacks against these platforms.

"While 'security fundamentals' doesn't get as many head turns as 'AI-engineered attacks,' it remains that enterprises' biggest security problem boils down to the basic and known – not the novel and unknown" said Charles Henderson, Global Managing Partner, IBM Consulting, and Head of IBM X-Force. "Identity is being used against enterprises time and time again, a problem that will worsen as adversaries invest in AI to optimize the tactic."

A Global Identity Crisis Poised to Worsen

Exploiting valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the Dark Web today. In 2023, X-Force saw attackers increasingly invest in operations to obtain users' identities – with a 266% uptick in infostealing malware, designed to steal personal identifiable information like emails, social media and messaging app credentials, banking details, crypto wallet data and more.

This "easy entry" for attackers is one that's harder to detect, eliciting a costly response from enterprises. According to X-Force, major incidents caused by attackers using valid accounts were associated to nearly 200% more complex response measures by security teams than the average incident – with defenders needing to distinguish between legitimate and malicious user activity on the network. In fact, IBM's 2023 Cost of a Data Breach Report found that breaches caused by stolen or compromised credentials required roughly 11 months to detect and recover from – the longest response lifecycle than any other infection vector.

This wide reach into users' online activity was evident in the FBI and European law enforcement's April 2023 takedown of a global cybercrime forum that collected the login details of more than 80 million user accounts. Identity-based threats will likely continue to grow as adversaries leverage generative AI to optimize their attacks. Already in 2023, X-Force observed over 800,000 posts on AI and GPT across Dark Web forums, reaffirming these innovations have caught cybercriminals attention and interest.

Adversaries "Log into" Critical Infrastructure Networks

Worldwide, nearly 70% of attacks that X-Force responded to were against critical infrastructure organizations, an alarming finding highlighting that cybercriminals are wagering on these high value targets' need for uptime to advance their objectives.

Nearly 85% of attacks that X-Force responded to on this sector were caused by exploiting public-facing applications, phishing emails, and the use of valid accounts.  The latter poses an increased risk to the sector, with DHS CISA stating that the majority of successful attacks on government agencies, critical infrastructure organizations and state-level government bodies in 2022 involved the use of valid accounts. This highlights the need for these organizations to frequently stress test their environments for potential exposures and develop incident response plans.

Generative AI – The Next Big Frontier to Secure

For cybercriminals to see ROI from their campaigns, the technologies they target must be ubiquitous across most organizations worldwide. Just as past technological enablers fostered cybercriminal activities – as observed with ransomware and Windows Server's market dominance, BEC scams and Microsoft 365 dominance or cryptojacking and the Infrastructure-as-a-Service market consolidation – this pattern will most likely extend across AI.

X-Force assesses that once generative AI market dominance is established – where a single technology approaches 50% market share or when the market consolidates to three or less technologies – it could trigger the maturity of AI as an attack surface, mobilizing further investment in new tools from cybercriminals. Although generative AI is currently in its pre-mass market stage, it's paramount that enterprises secure their AI models before cybercriminals scale their activity. Enterprises should also recognize that their existing underlying infrastructure is a gateway to their AI models that doesn't require novel tactics from attackers to target – highlighting the need for a holistic approach to security in the age of generative AI, as outlined in the IBM Framework for Securing Generative AI.

Additional findings:

• Europe – adversaries' preferred target -- Nearly one in three attacks observed worldwide targeted Europe, with the region also experiencing the most ransomware attacks globally (26%).
• Where did all the phish go? Despite remaining a top infection vector, phishing attacks saw a 44% decrease in volume from 2022. But with AI poised to optimize this attack and X-Force research indicating that AI can speed up attacks by nearly two days, the infection vector will remain a preferred choice for cybercriminals.
• Everyone is vulnerable – Red Hat Insights found that 92% of customers have at least one CVE with known exploits unaddressed in their environment at the time of scanning, while 80% of the top ten vulnerabilities detected across systems in 2023 were given a 'High' or 'Critical' CVSS base severity score.
• "Kerberoasting" pays off – X-Force observed a 100% increase in "kerberoasting" attacks, wherein attackers attempt to impersonate users to escalate privileges by abusing Microsoft Active Directory tickets.
• Security misconfigurations – X-Force Red penetration testing engagements indicate that security misconfigurations accounted for 30% of total exposures identified, observing more than 140 ways that attackers can exploit misconfigurations.

Additional Resources

• Download a copy of the 2024 X-Force Threat Intelligence Index.
• Read more about the report's top findings in this IBM Security Intelligence blog.
• Sign up for the 2024 IBM X-Force Threat Intelligence webinar on Thursday, March 7^th at 11:00 am ET.
• Connect with the IBM X-Force team for a personalized review of the findings.

Media Contact
Georgia Prassinos
IBM
gprassinos@ibm.com

 

View original content to download multimedia:https://www.prnewswire.com/news-releases/ibm-report-identity-comes-under-attack-straining-enterprises-recovery-time-from-breaches-302066462.html

SOURCE IBM

FAQ

What is the key highlight of IBM's 2024 X-Force Threat Intelligence Index?

The key highlight is the global identity crisis caused by cybercriminals exploiting user identities.

What percentage of cyberattacks was caused by exploiting user identities?

There was a 71% spike in cyberattacks due to exploiting user identities.

What percentage of attacks on critical infrastructure could have been mitigated with basic security measures?

Nearly 85% of attacks on critical sectors could have been mitigated with patching, multi-factor authentication, or least-privilege principals.

What is the impact of ransomware attacks on enterprises?

Ransomware attacks saw a nearly 12% drop last year as larger organizations opt against paying and decrypting, favoring rebuilding infrastructure.

What could trigger at-scale attacks against generative AI?

When a single generative AI technology approaches 50% market share or when the market consolidates to three or fewer technologies, it could trigger at-scale attacks.

Which region was the preferred target for cyberattacks according to the report?

Europe was the preferred target for cyberattacks, with nearly one in three attacks worldwide targeting the region.

What was the trend observed in phishing attacks from 2022 to 2023?

Phishing attacks saw a 44% decrease in volume from 2022.

What percentage of customers have at least one CVE with known exploits unaddressed in their environment?

Red Hat Insights found that 92% of customers have at least one CVE with known exploits unaddressed in their environment.

What is the significance of security misconfigurations according to X-Force Red penetration testing engagements?

Security misconfigurations accounted for 30% of total exposures identified, with over 140 ways attackers can exploit misconfigurations.