IBM Reports Significant Shift Toward Attacks Using Valid Account Credentials
IBM X-Force's 2023 Threat Intelligence Index reports a 71% increase in the volume of attacks that use valid account credentials. This alarming rise is primarily attributed to threat actors exploiting compromised credentials obtained from phishing, data breaches, and dark web marketplaces.
Charles Henderson, global managing partner and head of IBM X-Force, stated that threat actors have shifted to using valid credentials as the path of least resistance. This approach enables them to bypass typical perimeter defenses by using valid usernames and passwords, often against remote services like VPNs, Remote Desktop Protocol (RDP), and cloud portals.
The increase in these attacks is also linked to poor password hygiene, such as password reuse, weak passwords, and lack of multi-factor authentication (MFA). This makes credential stuffing and brute-force attacks more effective, as seen in incidents like 23andMe's breach caused by password reuse.
To reduce these attacks, IBM X-Force recommends implementing multi-factor authentication (MFA) or passwordless authentication methods such as passkeys and enforcing strong password policies, along with robust credential management, security awareness training, proactive patch management, and exposure management.
Interestingly, the number of phishing campaigns linked to attacks declined 44% from 2022. However, phishing comprised nearly one-third of all incidents remediated by X-Force last year. This indicates a shift in tactics by threat actors, who are now focusing more on exploiting valid credentials.
Another concerning finding is that cloud account credentials account for almost 90% of assets for sale on the dark web. This underscores the importance of securing cloud accounts and implementing strong identity and access management controls.
Henderson believes that the industry should be on to newer and bigger problems by now, but he is not discouraged. He states that solving authentication will lower the return on investment for cybercriminals, thereby overturning the business model that is cybercrime.
However, it's worth noting that many cybersecurity products are not designed to detect when valid credentials are used by an invalid operator. This highlights the need for continuous improvement and innovation in cybersecurity solutions.
In conclusion, attackers increasingly rely on exploiting valid credentials acquired from external breaches and user error, bypassing defenses by appearing as legitimate users. The strongest defenses focus on hardening identity and access management controls, especially MFA, combined with user training and credential hygiene improvements. Organizations have largely failed to correct the mistakes cybersecurity experts have warned about, making it crucial for them to prioritize these solutions to protect their assets and reduce the risk of falling victim to these attacks.
- Despite a decrease in phishing campaign volume, threat actors are focusing more on exploiting valid credentials obtained from various sources, as revealed by IBM X-Force's 2023 Threat Intelligence Index.
- Cybercriminals are increasingly using valid credentials, obtained from phishing, data breaches, and dark web marketplaces, to bypass traditional cybersecurity defenses, according to Charles Henderson, IBM X-Force's global managing partner.
- To counter these attacks, IBM X-Force suggests implementing strong identity and access management controls, such as multifactor authentication, proactive patch management, and vulnerability exposure management, along with emphasizing password hygiene and security awareness training.