IBM Report: 2024 X-Force Threat Intelligence Index
IBM today unveiled the 2024 X-Force Threat Intelligence Index, which underscores a growing global identity crisis as cybercriminals intensify their efforts to compromise businesses globally by using user identities. In 2023, cybercriminals saw more opportunities to “log in” rather than hack into corporate networks through legitimate accounts, making this approach a preferred weapon of choice for threat actors, according to IBM X-Force, IBM Consulting’s offensive and defensive security services arm.
Based on observations and insights from tracking more than 150 billion security events daily across more than 130 countries, the X-Force Threat Intelligence Index was created. Furthermore, information is collected and examined from various IBM sources, such as IBM Managed Security Services, Incident Response, X-Force Red, IBM X-Force Threat Intelligence, and data from Red Hat Insights and Intezer, which were included in the 2024 report.
Among the principal points of emphasis are:
Critical infrastructure attacks expose industry “faux pas.” Patching, multi-factor authentication, and least-privilege principles could have prevented compromise in nearly 85% of attacks on critical sectors. This suggests that achieving what the security industry has historically referred to as “basic security” may be more difficult than previously thought.
Groups that use ransomware change to a more economical strategy. Enterprise ransomware attacks decreased by almost 12% in the previous year as larger organizations chose to rebuild their infrastructure rather than pay and decrypt the ransomware. Groups that had previously focused on ransomware were seen to shift to info stealers, as this increasing backlash is expected to affect adversaries’ revenue expectations from encryption-based extortion.
Attacks against generative AI don’t yet yield a return. According to X-Force analysis, at-scale attacks against these platforms may occur when a single generative AI technology approaches 50% of the market or when the market consolidates into three or fewer technologies.
Charles Henderson, Global Managing Partner, IBM Consulting, and Head of IBM X-Force, stated, “While security fundamentals’ doesn’t get as many head turns as ‘AI-engineered attacks,’ it remains that enterprises’ biggest security problem boils down to the basic and known – not the novel and unknown.” “Identity is being used against enterprises time and time again, a problem that will worsen as adversaries invest in AI to optimize the tactic.”
IBM X-force threat intelligence
Cybercriminals now find it easiest to exploit legitimate accounts because there are billions of compromised credentials available on the Dark Web. According to X-Force, info stealing malware increased 266% in 2023 as actors sought user identities. From social media and messaging apps, this malware steals emails, banking information, cryptocurrency wallet data, and credentials.
Because it is more difficult to identify, this “easy entry” for attackers prompts an expensive response from businesses. X-Force reports that major incidents resulting from attackers using legitimate accounts required security teams to implement nearly 200% more complex response measures than the average incident. This was because defenders had to discern between malicious and legitimate user activity on the network. According to IBM’s 2023 Cost of a Data Breach Report, breaches resulting from compromised or stolen credentials took an average of 11 months to identify and resolve, making it the infection vector with the longest response lifecycle.
This extensive surveillance of users’ online behavior was made clear when the FBI and European law enforcement took down a global cybercrime forum in April 2023, gathering the login credentials of over 80 million accounts. Threats based on identity will probably keep increasing as long as enemies use generative AI to make their attacks more effective. X-Force has already seen over 800,000 posts on GPT and AI in Dark Web forums in 2023, confirming that cybercriminals are interested in and aware of these developments.
Attackers “Log into” Networks of Critical Infrastructure
Critical infrastructure organizations were the target of nearly 70% of attacks that X-Force responded to globally. This is a concerning finding that shows that cybercriminals are betting on these high-value targets’ need for uptime to achieve their goals.
Phishing emails, the use of legitimate accounts, and the exploitation of public-facing applications were the causes of nearly 85% of the attacks that X-Force responded to in this sector. With DHS CISA reporting that most successful attacks on government agencies, critical infrastructure organizations, and state-level government bodies in 2022 involved the use of legitimate accounts, the latter presents a higher risk to the industry. This emphasizes how important it is for these companies to create incident response plans and regularly stress test their environments for possible exposures.
Generative AI: The Next Great Development in Secure
Cybercriminals need to target technologies that are widely used by most organizations globally to see a return on investment from their campaigns. Similar to how previous technological advancements, such as ransomware, Windows Server dominance, BEC scams, Microsoft 365 dominance, cryptojacking, and the consolidation of the Infrastructure-as-a-Service market, encouraged cybercriminal activity, this pattern is expected to continue with artificial intelligence.
According to X-Force, the establishment of generative AI market dominance, which occurs when a single technology approaches 50% of the market or when the market consolidates into three or fewer technologies, could lead to the maturation of AI as an attack surface and encourage cybercriminals to invest more in new tools.
While generative AI is still in its pre-mass market phase, businesses must safeguard their AI models before cybercriminals ramp up their operations. Businesses should understand that their current underlying infrastructure serves as a gateway to their AI models and can be targeted by attackers without the need for creative attacks. This emphasizes the need for an all-encompassing security strategy in the generative AI era, as described in the IBM Framework for Securing Generative AI.
Further discoveries:
Europe is the favored target of adversaries. Europe was the target of almost one in three attacks seen globally; the continent also saw the highest number of ransomware attacks (26% worldwide).
What happened to all the phish? Although phishing attacks are still the most common vector of infection, their volume has decreased by 44% since 2022. However, since AI has the potential to enhance this attack and X-Force research shows that AI can accelerate attacks by almost two days, cybercriminals will still favor the infection vector.
Everyone is at risk. According to Red Hat Insights, 82% of clients had at least one CVE with known exploits that was left unfixed in their environment when the scan was conducted, and 80% of the top ten vulnerabilities found in systems in 2023 received a base severity score of ‘High’ or ‘Critical’ on the CVSS.
“Kerberoasting” pays off: According to X-Force, there has been a 100% rise in “kerberoasting” attacks, in which hackers pretend to be users in order to abuse Microsoft Active Directory tickets and escalate privileges.
Misconfigured security X-Force Red penetration testing engagements show that security misconfigurations made up 30% of all exposures found, with over 140 different ways for attackers to take advantage of misconfigurations.
