IBM is releasing the 2024 X-Force Threat Intelligence Index underscoring an emerging global identity crisis as cybercriminals double down on exploiting user identities to compromise enterprises.
According to IBM X-Force, IBM Consulting's offensive and defensive security services arm, in 2023, cybercriminals saw more opportunities to "log in" versus hack into corporate networks through valid accounts—making this tactic a preferred weapon of choice for threat actors.
Some key highlights of the report include:
- Attacks on critical infrastructure reveal industry "faux pas." In nearly 85% of attacks on critical sectors, compromise could have been mitigated with patching, multi-factor authentication, or least-privilege principals—indicating that what the security industry historically described as "basic security" may be harder to achieve than portrayed.
- Ransomware groups pivot to leaner business model. Ransomware attacks on enterprises saw a nearly 12% drop last year, as larger organizations opt against paying and decrypting, in favor of rebuilding their infrastructure. With this growing pushback likely to impact adversaries' revenue expectations from encryption-based extortion, groups that previously specialized in ransomware were observed pivoting to infostealers.
- ROI from attacks on generative AI not there—yet. X-Force analysis projects that when a single generative AI technology approaches 50% market share or when the market consolidates to three or less technologies, it could trigger at-scale attacks against these platforms.
The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries.
In addition, data is gathered and analyzed from multiple sources within IBM, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, and data provided from Red Hat Insights and Intezer, which contributed to the 2024 report.
"While 'security fundamentals' doesn't get as many head turns as 'AI-engineered attacks,' it remains that enterprises' biggest security problem boils down to the basic and known—not the novel and unknown" said Charles Henderson, global managing partner, IBM Consulting, and head of IBM X-Force. "Identity is being used against enterprises time and time again, a problem that will worsen as adversaries invest in AI to optimize the tactic."
Worldwide, nearly 70% of attacks that X-Force responded to were against critical infrastructure organizations, highlighting that cybercriminals are wagering on these high value targets' need for uptime to advance their objectives.
Nearly 85% of attacks that X-Force responded to in this sector were caused by exploiting public-facing applications, phishing emails, and the use of valid accounts.
The latter poses an increased risk to the sector, with DHS CISA stating that the majority of successful attacks on government agencies, critical infrastructure organizations, and state-level government bodies in 2022 involved the use of valid accounts. This highlights the need for these organizations to frequently stress test their environments for potential exposures and develop incident response plans, according to the report.
X-Force assesses that once generative AI market dominance is established—where a single technology approaches 50% market share or when the market consolidates to three or less technologies—it could trigger the maturity of AI as an attack surface, mobilizing further investment in new tools from cybercriminals.
Although generative AI is currently in its pre-mass market stage, it's paramount that enterprises secure their AI models before cybercriminals scale their activity, according to IBM.
Enterprises should also recognize that their existing underlying infrastructure is a gateway to their AI models that doesn't require novel tactics from attackers to target—highlighting the need for a holistic approach to security in the age of generative AI, as outlined in the IBM Framework for Securing Generative AI.
For more information about this news, visit www.ibm.com.