
IBM X-Force Report: Stolen Credentials Pose High Risk to Network Infrastructure


Attacks on critical network infrastructure are increasing, according to a report from IBM’s threat intelligence unit, X-Force.

“Worldwide, nearly 70% of attacks that X-Force responded to were against critical infrastructure organizations, an alarming finding highlighting that cybercriminals are wagering on these high value targets’ need for uptime to advance their objectives,” reads X-Force’s 2024 Threat Intelligence Index. 

The X-Force Threat Intelligence Index is built around data from 150 billion security events per day in more than 130 countries. In addition, data is gathered and analyzed from multiple sources within IBM, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, and data provided from Red Hat Insights and Intezer.

In terms of network infrastructure, nearly 85% of attacks on this sector were caused by exploiting public-facing applications, phishing emails, and the use of valid accounts. In 2023, X-Force saw attackers increasingly invest in operations to obtain users’ identities; there was a 266% uptick in infostealing malware, designed to steal personally identifiable information like emails, social media and messaging app credentials, banking details, crypto wallet data and more, the report found.

“This ‘easy entry’ for attackers is one that’s harder to detect, eliciting a costly response from enterprises,” X-Force stated. “Major incidents caused by attackers using valid accounts were associated to nearly 200% more complex response measures by security teams than the average incident – with defenders needing to distinguish between legitimate and malicious user activity on the network.”

Attackers are inclined to choose the path of least resistance in pursuit of their objectives, and in this era, the focus has shifted towards logging in rather than hacking in, highlighting the relative ease of acquiring credentials compared to exploiting vulnerabilities or executing phishing campaigns, X-Force stated. In addition, the report noted that in nearly 85% of attacks on critical sectors, compromise could have been mitigated with patching, multi-factor authentication, or least privilege.

As for network access issues, the prominence of valid accounts as a preferred initial access technique among cybercriminals—tying with phishing for the first time—was another notable development, according to X-Force.

This access technique is accompanied by an upsurge in malware designed to steal information, which bolsters the dark web’s stolen credentials marketplace, X-Force stated. A number of prominent new infostealers showed increased activity in 2023, such as Rhadamanthys, LummaC2 and StrelaStealer.

“It’s clear that attackers have recognized the difficulty defenders have in distinguishing between legitimate identity use and unauthorized misuse,” X-Force stated.

“This escalation in targeting of identities in cyberattacks underscores the critical importance for organizations to proactively identify, eliminate and audit potential attack vectors within their dynamic networks,” X-Force stated. “These measures are pivotal in reducing the attack surface, unveiling latent risks and autonomously remediating incidents that are independent of impending threats.”

X-Force also noted that while generative AI and security threats potentially utilizing that technology are looming, none have had any appreciable impact on enterprise networks yet. “Policy makers, business executives and cybersecurity professionals are all feeling the pressure to adopt AI within their operations. And the rush to adopt gen AI is currently outpacing the industry’s ability to understand the security risks these new capabilities will introduce,” X-Force stated.

However, a universal AI attack surface will materialize once adoption of AI reaches a critical mass, forcing organizations to prioritize security defenses that can adapt to AI threats at scale, X-Force stated.

In an attempt to identify key milestones that will indicate when a common AI threat landscape will mature, X-Force assessed previous technology disrupters and their threat maturity milestones. X-Force predicts threat actors will begin to target AI broadly once the market coalesces around common deployment models and a small number of vendors. X-Force analysis suggests that once a single AI technology approaches 50% market share, or when the market consolidates to three or fewer technologies, the cybercriminal ecosystem will be incentivized to invest in developing tools and attack paths targeting AI technologies.

Some other interesting tidbits from the X-Force report include:

  • Linux increasingly targeted. “The importance of securing Linux® systems has risen in prominence as increasing amounts of malicious activity targeting Linux have appeared. Malware developers are increasingly developing Linux malware and creating Linux variants of existing malware families. These changes to the Linux threat landscape highlight the criticality of systems hardening and monitoring for malicious activity,” the report states.
  • Extortion-based attacks continue. “Although X-Force observed a notable drop in ransomware attacks on enterprises in 2023, extortion-based attacks continue to be a driving force of cybercrime this past year. These extortion-based attacks were only surpassed by data theft and leak as the most common impact observed in X-Force incident response engagements globally,” the report states.
  • Security misconfigurations a top risk. “X-Force penetration testing engagements revealed that the most observed web application risk across client environments globally was security misconfigurations. Of these misconfigurations, the top offenses included allowing concurrent user sessions in the application, which could weaken multifactor authentication (MFA) through session hijacking.”
  • Public-facing apps among top access vectors. “Exploitation of public-facing applications—defined as adversaries taking advantage of a weakness in an internet-facing computer or program—was identified in 29% of incidents, which is slightly higher than X-Force observed in 2022.”
  • MFT tools pose a high risk. “In 2023, numerous organizations experienced cyberattacks as a result of widespread exploitation of managed file transfer (MFT) tools, such as MOVEit and GoAnywhere. MFT exploitation poses a high risk, as these internet-connected file transfer services facilitate the immediate access of sensitive enterprise data by attackers. Until 2023, many defenders overlooked the high-risk nature of MFT tools, leading to inadequately protected deployments without proper detection and response strategies.”
  • Zero-day decline. “While zero-day vulnerabilities garner notoriety, the reality is that zero-day vulnerabilities make up a very small percentage of the vulnerability attack surface—currently at 3% of total vulnerabilities tracked by X-Force. In 2023, there was a 72% drop in the number of zero days compared to 2022 with only 172 new zero-day vulnerabilities,” the report stated. “This decrease is likely indicative of attackers finding other less resource-intensive methods to gain entry, such as exploitation of older vulnerabilities or use of valid credentials, compromised or purchased.”
