IBM X-Force’s 2024 Threat Intelligence Index outlined how cybercriminals are advancing their tactics. X-Force, IBM’s threat intelligence research arm, taps into data from over 150 billion security events each day. Noting that hackers prefer an access path into the enterprise that is one of least resistance, IBM reported a 71% jump in 2023 from the prior year in threat actors using legitimate credentials to breach a targeted enterprise. Hackers commandeered valid credentials in 30% of all incidents the research arm responded to last year, the most common access method of any used in 2023. During incident response engagements, X-Force found a 100% rise in “Kerberroasting,” a tactic that uses Kerberos authorisation tickets to steal Microsoft Active Directory credentials.
In 32% of incidents, bad actors used authentic tools for malevolent use. IBM X-Force cited examples of hackers using vulnerability scanners for reconnaissance and adversary simulation solutions to steal data. These were for credential theft (13%), data exfiltration (11%) and reconnaissance (6%).
IBM X-Force reported fewer ransomware incidents in 2023, noting an 11.5% drop in incidents. However, despite the decline in incidents cybercriminals continue to employ the tactic to extort money from enterprises. The variants X-Force saw most often were BlackCat, CLOP, LockBit, BlackBasta, and Royal.
X-Force said that though AI-driven threats have been flagged as a concern, IBM has not seen any evidence of an issue with the technology as a criminal tool yet. However, X-Force noted that it has seen AI and GPT referenced in more than 800,000 posts in criminal markets and dark web forums last year. Still, X-Force does not expect to see AI-related attacks in the near term, the research organization anticipates bad actors will develop tools for malicious use.
With respect to verticals, manufacturing repeated its position at the top of the most targeted industry list. Over 25% of the incidents within the top ten targeted verticals were levelled against manufacturing.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalData
Related Company Profiles
Microsoft Corp
Royal BAM Group NV