IBM's annual X-Force Threat Intelligence Index report, released today, highlights that cybercriminals continue to compromise users around the world and that the global identity crisis is intensifying.
Based on insights and observations from more than 150 billion security events tracked daily by IBM, Red Hat, and Intezer, the X-Force report found that cybercriminals have an increasing opportunity to log into corporate networks with valid accounts rather than hacking into corporate networks. Logically, it's much easier to hack an account without hacking it and having access to it. The report states that obtaining credentials is the go-to option for threat actors.
IBM found a 266% increase in the number of infostealing malware in 2023, indicating that threat actors are in high demand for login credentials. As the name suggests, infostealing malware is designed to steal personally identifiable information such as email, social** and messaging app credentials, banking details, and crypto wallet data.
The "easy-to-enter" path mentioned in the report is one of the more difficult paths to detect. According to data reported by X-Force, the security team's response to a major incident triggered by an attacker's use of a valid account is nearly 200% more complex than a typical incident, as defenders need to distinguish between legitimate and malicious user activity on the network.
Malicious actors and threat groups also like to target critical infrastructure organizations, with 70% of the attacks X-Force responded to last year targeting the most valuable infrastructure targets. Nearly 85% of the attacks on the most valuable infrastructure that X-Force has responded to have been committed through the exploitation of public-facing applications, phishing emails, and the use of valid accounts.
Artificial intelligence is a hot topic in the tech world in 2023, and it has also become a focus for cybercriminals. The report states that cybercriminals are now leveraging AI to boost their return on investment.
Just as ransomware emerged with Windows Server dominance in the market, business email scams** grew with the rise of Microsoft 365, and cryptojacking took center stage with the consolidation of the infrastructure-as-a-service market, a pattern that is likely to extend to artificial intelligence, according to the X-Force report.
X-Force boldly points out that once the AI market has established its dominance (i.e., "a single technology market share approaching 50% or the market is consolidated into three or less"), AI will see a similar maturation as an attack surface used by cybercriminals. The report says it's time for businesses to protect their AI models before cybercriminals scale up their activities.
Other findings in the report include that adversaries have a soft spot for Europe, with nearly one-third of attacks last year targeting European countries. Surprisingly, X-Force found that the number of phishing attacks decreased by 44% last year compared to 2022, but this could change given that AI can now speed up attacks.