Cybercriminals use identities to target enterprises

A new report from IBM X-Force Threat Intelligence highlights an emerging global identity crisis as cybercriminals double down on exploiting user identities to compromise enterprises worldwide.

The 2024 X-Force Threat Intelligence Index report records a 71 percent spike in cyberattacks caused by exploiting identity as using valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the Dark Web.

In 2023, X-Force saw attackers increasingly invest in operations to obtain users' identities -- with a 266 percent uptick in infostealing malware, designed to steal personal identifiable information like emails, social media and messaging app credentials, banking details, crypto wallet data and more.

Worldwide, nearly 70 percent of attacks that X-Force responded to were against critical infrastructure organizations, highlighting that cybercriminals are wagering on these high value targets' need for uptime to advance their objectives. Nearly 85 percent of attacks that X-Force responded to on this sector were caused by exploiting public-facing applications, phishing emails, and the use of valid accounts.

In nearly 85 percent of attacks on critical sectors, compromise could have been mitigated with patching, multi-factor authentication, or least-privilege principles -- suggesting that what’s thought of as ‘basic security’ may be harder to achieve than portrayed.

"While 'security fundamentals' doesn’t get as many head turns as 'AI-engineered attacks,' it remains that enterprises’ biggest security problem boils down to the basic and known – not the novel and unknown," says Charles Henderson, global managing partner, IBM Consulting, and head of IBM X-Force. "Identity is being used against enterprises time and time again, a problem that will worsen as adversaries invest in AI to optimize the tactic."

Among other findings ransomware attacks on enterprises saw a drop of nearly 12 percent last year, as larger organizations opted against paying and decrypting, in favor of rebuilding their infrastructure.

Nearly one in three attacks observed worldwide targeted Europe, with the region also experiencing the most ransomware attacks globally (26 percent).

Despite remaining a top infection vector, phishing attacks have seen a 44 percent decrease in volume from 2022. But with AI poised to optimize this type of attack and X-Force research indicating that AI can speed up attacks by nearly two days, the infection vector will likely remain a preferred choice for cybercriminals.

You can get the full 2024 X-Force Threat Intelligence Index report from the IBM site.

Image credit: vchalup2/depositphotos.com