IBM X-Force Report 2024: Cybercriminals Favor Valid Account Exploitation Over Hacking
While AI-engineered cyberattacks may grab all the headlines, exploiting valid accounts has gained steam as cybercriminals double down on cracking into businesses worldwide, according to researchers at IBM X-Force, the tech giants’ security division.
In its 2024 X-Force Threat Intelligence Index report, IBM said, “cybercriminals saw more opportunities to ‘log in’ versus hack into corporate networks through valid accounts — making this tactic a preferred weapon of choice for threat actors.”
More from WWD
The report’s authors said using valid accounts to attack enterprises “has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the dark web today.” IBM said in 2023, “X-Force saw attackers increasingly invest in operations to obtain users’ identities — with a 266 percent uptick in info-stealing malware, designed to steal personally identifiable information like emails, social media and messaging app credentials, banking details, crypto wallet data and more.”
Charles Henderson, global managing partner of IBM Consulting and head of IBM X-Force, said while security fundamentals “don’t get as many head turns as ‘AI-engineered attacks,’ it remains that enterprises’ biggest security problem boils down to the basic and known — not the novel and unknown.”
“Identity is being used against enterprises time and time again, a problem that will worsen as adversaries invest in AI to optimize the tactic,” he added.
Valid logins are also more challenging to detect, the report found, noting that “major incidents caused by attackers using valid accounts were associated to nearly 200 percent more complex response measures by security teams than the average incident — with defenders needing to distinguish between legitimate and malicious user activity on the network.” And it takes longer to reveal the attack. IBM said detecting, fixing and recovering breaches from stolen credentials takes about 11 months.
The research revealed that ransomware attacks dropped 12 percent last year “as larger organizations opt against paying and decrypting, in favor of rebuilding their infrastructure,” the report stated.
Meanwhile, there is a new cyber threat looming on the horizon.
IBM said once generative AI market dominance is established, “where a single technology approaches 50 percent market share or when the market consolidates to three or [fewer] technologies — it could trigger the maturity of AI as an attack surface, mobilizing further investment in new tools from cybercriminals.”
The report’s authors said while generative AI is currently in its pre-mass market stage, “it’s paramount that enterprises secure their AI models before cybercriminals scale their activity.”
Best of WWD
