IBM Report: Identity Comes Under Attack, Straining Enterprises' Recovery Time from Breaches

a global cybercrime forum that collected the login details of more than 80 million user accounts. Identity-based threats will likely continue to grow as adversaries leverage generative AI to optimize their attacks. Already in 2023, X-Force observed over 800,000 posts on AI and GPT across Dark Web forums, reaffirming these innovations have caught cybercriminals attention and interest.

Adversaries "Log into" Critical Infrastructure Networks

Worldwide, nearly 70% of attacks that X-Force responded to were against critical infrastructure organizations, an alarming finding highlighting that cybercriminals are wagering on these high value targets' need for uptime to advance their objectives.

Nearly 85% of attacks that X-Force responded to on this sector were caused by exploiting public-facing applications, phishing emails, and the use of valid accounts.  The latter poses an increased risk to the sector, with DHS CISA stating that the majority of successful attacks on government agencies, critical infrastructure organizations and state-level government bodies in 2022 involved the use of valid accounts. This highlights the need for these organizations to frequently stress test their environments for potential exposures and develop incident response plans.

Generative AI – The Next Big Frontier to Secure

For cybercriminals to see ROI from their campaigns, the technologies they target must be ubiquitous across most organizations worldwide. Just as past technological enablers fostered cybercriminal activities – as observed with ransomware and Windows Server's market dominance, BEC scams and Microsoft 365 dominance or cryptojacking and the Infrastructure-as-a-Service market consolidation – this pattern will most likely extend across AI.

X-Force assesses that once generative AI market dominance is established – where a single technology approaches 50% market share or when the market consolidates to three or less technologies – it could trigger the maturity of AI as an attack surface, mobilizing further investment in new tools from cybercriminals. Although generative AI is currently in its pre-mass market stage, it's paramount that enterprises secure their AI models before cybercriminals scale their activity. Enterprises should also recognize that their existing underlying infrastructure is a gateway to their AI models that doesn't require novel tactics from attackers to target – highlighting the need for a holistic approach to security in the age of generative AI, as outlined in the IBM Framework for Securing Generative AI.

Additional findings:

Europe – adversaries' preferred target -- Nearly one in three attacks observed worldwide targeted Europe, with the region also experiencing the most ransomware attacks globally (26%).Where did all the phish go? Despite remaining a top infection vector, phishing attacks saw a 44% decrease in volume from 2022. But with AI poised to optimize this attack and X-Force research indicating that AI can speed up attacks by nearly two days, the infection vector will remain a preferred choice for cybercriminals.Everyone is vulnerable – Red Hat Insights found that 92% of customers have at least one CVE with known exploits unaddressed in their environment at the time of scanning, while 80% of the top ten vulnerabilities detected across systems in 2023 were given a 'High' or 'Critical' CVSS base severity score."Kerberoasting" pays off – X-Force observed a 100% increase in "kerberoasting" attacks, wherein attackers attempt to impersonate users to escalate privileges by abusing Microsoft Active Directory tickets.Security misconfigurations – X-Force Red penetration testing engagements indicate that security misconfigurations accounted for 30% of total exposures identified, observing more than 140 ways that attackers can exploit misconfigurations.

Additional Resources

Download a copy of the 2024 X-Force Threat Intelligence Index.Read more about the report's top findings in this IBM Security Intelligence blog.Sign up for the 2024 IBM X-Force Threat Intelligence webinar on Thursday, March 7th at 11:00 am ET.Connect with the IBM X-Force team for a personalized review of the findings.

Media Contact
Georgia Prassinos
IBM
gprassinos@ibm.com

Photo - https://mma.prnewswire.com/media/2343602/IBM_x_force_Threat_Intelligence_Index_2024.jpg
Logo - https://mma.prnewswire.com/media/95470/ibm_logo.jpg

View original content:https://www.prnewswire.co.uk/news-releases/ibm-report-identity-comes-under-attack-straining-enterprises-recovery-time-from-breaches-302066473.html

en | boerse | 67948555 |