Threat actors look to stolen credentials

In 2023, threat actors wrought havoc on corporate networks by logging in through valid accounts, and as bad actors begin investing in AI to help them identify priority targets, this problem is only expected to worsen in the future

The cyber security landscape is always shifting as threat actors change their tactics. In 2023, many cyber criminals were able to wreak havoc on corporate networks by logging in through valid accounts, and as bad actors begin investing in AI to help them identify priority targets, this problem is only expected to worsen in the future. Our findings in the 2024 edition of the IBM X-Force report pointed to three key trends that security professionals and CISOs need to observe and act upon:

  • An increase in abuse of valid accounts
  • A pivot in the approach of major ransomware groups
  • The current and future impact of generative AI on cyber security

In the UK, the landscape of cyber threats mirrors global patterns but with localised nuances. Malware emerges as the primary weapon in the arsenal of threat actors, with ransomware and cryptominers leading the charge, constituting 30% and 20% of incidents respectively.

An alarming trend surfaces as valid accounts become the preferred point of entry for cyber criminals, constituting 50% of initial access vectors, followed by exploitation of public-facing applications at 25%. Industries like professional, business, and consumer services bear the brunt, representing 39% of all UK engagements.

The path of least resistance

As defenders fortify their defences, attackers pivot to an easier tactic: leveraging valid credentials. This shift underscores the necessity for organisations to distinguish between legitimate and malicious user activity, a challenge amplified by the accessibility of credentials on the dark web.

While phishing incidents decreased 44% from 2022, the exploitation of valid credentials surged, indicating a strategic shift among threat actors. Notably, we identified a 100% increase in so-called Kerberoasting, signifying a nuanced approach to acquiring identities for malicious purposes.

Rise in infostealer malware

Concurrently, the prevalence of infostealer malware skyrocketed by 266%, while ransomware incidents saw an 11.5% decline. This decline, however, is attributed to enhanced detection capabilities and a reluctance among larger organisations to pay ransoms.

Despite the drop in ransomware attacks, extortion-based attacks persist, underlining the significance of robust cyber security measures. Notably, incidents associated with the Cl0p ransomware group highlight the exploitation of vulnerabilities in widely used tools like MOVEit.

Generative AI attacks are not a direct threat just yet

The rise of ChatGPT has put generative AI on the map, and the rush to adopt it is currently outpacing the industry’s ability to understand the security risks these new capabilities will introduce. However, a universal AI attack surface will materialise once the adoption of AI reaches a critical mass, forcing organisations to prioritise security defences that can adapt to AI threats at scale.

Moreover, while cyber criminals show interest in harnessing generative AI for their attacks, concrete evidence of gen AI-engineered cyber attacks remains elusive. Phishing stands out as a probable initial malicious application of AI, streamlining the creation of convincing messages from days to mere minutes. Nevertheless, while reports of AI-enabled attacks may surface soon, widespread activity is unlikely until enterprise AI adoption matures.

Continuing with fundamentals

The combination of a rise in infostealers and the abuse of valid account credentials to gain initial access has exacerbated defenders’ identity and access management challenges. Cyber criminals’ reinvigorated focus on identities highlights the risks organisations face on devices outside of their visibility, and organisations need to continue to emphasise good security habits in their workforces. Enterprise credential data can be stolen from compromised devices through credential reuse, browser credential stores, or accessing enterprise accounts directly from personal devices.

While “security fundamentals” do not get as much attention as “AI-engineered attacks,” enterprises’ biggest security problem still boils down to the basic and known, not the novel and unknown. Identity is being used against enterprises time and time again, a problem that will worsen as adversaries invest in AI to optimise the tactic.

Martin Borrett is technical director for IBM Security in the UK and Ireland