Key takeaways:
- Hackers are targeting valid user credentials to access corporate networks, making it harder for businesses to detect and respond to breaches
- Security incidents involving compromised credentials take longer to recover from compared to other attack methods
- Info-stealing malware designed to steal personal information is on the rise
- Critical infrastructure organizations are a prime target for cyberattacks
- Generative AI, while still new, could be a future target for cybercriminals.
A new report by IBM X-Force warns that cybercriminals are increasingly exploiting valid user credentials to gain access to corporate networks, making it harder for businesses to detect and respond to breaches.
The 2024 X-Force Threat Intelligence Index found that attackers are shifting tactics, focusing on “logging in” rather than hacking into systems. This tactic allows them to bypass traditional security measures and blend in with legitimate user activity, significantly extending remediation times.
According to the report, security incidents involving compromised credentials took an average of nearly 11 months to detect and recover from — the longest of any attack method.
“While ‘security fundamentals’ doesn’t get as many head turns as ‘AI-engineered attacks,’ it remains that enterprises’ biggest security problem boils down to the basic and known — not the novel and unknown,” said Charles Henderson, Global Managing Partner at IBM Consulting and Head of IBM X-Force.
The report also highlights the growing risk posed by identity theft, with a 266% increase observed in info-stealing malware designed to steal personal information like login credentials and financial data.
Another key finding is the rise of attacks targeting critical infrastructure organizations, with nearly 70% of attacks investigated by X-Force aimed at this sector. These attacks often exploit public-facing applications or leverage stolen credentials to gain access.
The report predicts that generative AI, a powerful new technology still in its early stages, could become a future target for cybercriminals. Once generative AI becomes more widely adopted, attackers are likely to develop new tools and techniques to exploit its vulnerabilities.
“It’s critical that enterprises secure their AI models now, before attackers have a chance to scale up their activities,” the report advises.
The report also details other cybersecurity trends, including a decline in phishing attacks but a warning that AI could make them more potent. It emphasizes the importance of patching systems and recommends that organizations conduct regular penetration testing to identify security weaknesses.Ⓒ
Business Bayani PH 
Leave a comment