Summary Bullets:
• For enterprising hackers, using legitimate credentials is the fastest path into the enterprise. IBM X-Force’s 2024 Threat Intelligence Index reported that bad actors commandeered valid credentials in 30% of all incidents the research arm responded to last year, the most common access method of any used in 2023.
• IBM saw an 11.5% decrease in ransomware demands, which the company attributed to increasing resistance from targeted companies to pay.
Today’s cyber threat environment remains toxic, virulent, and challenging for enterprises on the defensive. The 2024 IBM X-Force Threat Intelligence Index, sourced from the research team’s insights gained from tracking over 150 billion security threats each day, uncovered some changes in the processes and methodologies threat actors are using to mine enterprise resources for profit. Noting that hackers prefer an access path into the enterprise of one of least resistance, IBM reported a 71% jump in 2023 from the prior year in threat actors using legitimate credentials to breach a targeted enterprise. During incident response engagements, X-Force found a 100% rise in “Kerberroasting,” a tactic that uses Kerberos authorization tickets to steal Microsoft Active Directory credentials.
In 32% of incidents, bad actors used authentic tools for malevolent use. IBM X-Force cited examples of hackers using vulnerability scanners for reconnaissance and adversary simulation solutions to steal data. These were for credential theft (13%), data exfiltration (11%), and reconnaissance (6%).
IBM X-Force reported fewer ransomware incidents in 2023. However, despite the decline in incidents cybercriminals continue to employ the tactic to extort money from enterprises. The variants X-Force saw most often were BlackCat, CLOP, LockBit, BlackBasta, and Royal.
X-Force said that though AI-driven threats have been flagged as a concern, IBM has not seen any evidence of an issue with the technology as a criminal tool yet. However, X-Force noted that it has seen AI and GPT referenced in more than 800,000 posts in criminal markets and dark web forums last year. Still, while X-Force does not expect to see AI-related attacks in the near-term, the research organization anticipates bad actors will develop tools for malicious use.
With respect to verticals, manufacturing repeated its position at the top of the most targeted industry list. Over 25% of the incidents within the top ten targeted verticals were leveled against manufacturing.