Instead of hacking into company networks and corporate accounts, threat actors are increasingly choosing to exploit user identities instead, new research has claimed.
Not only is it easier to pull off, such identity theft tactics are also harder for victims to detect, meaning the damage a hacker can do this way is significantly bigger, according to the 2024 X-Force Threat Intelligence Index from IBM’s cybersecurity arm, X-Force.
Based on (among other things) insights from monitoring over 150 billion security events per day in more than 130 countries, the report claims cybercriminals are “doubling down” on exploiting user identities to compromise enterprises.
Complex measures to simple attacks
The easiest way into a corporate network is to simply buy a previously stolen account that’s being sold on the dark web, with the report claiming there are apparently “billions” of compromised credentials for sale.
According to the report, half (50%) of all cyberattacks in the UK last year started with the exploitation of a valid user account. Further 25% of cases involved exploiting publicly facing applications. In the rest of Europe, there’s been a 66% increase, year-on-year, in the (ab) use of valid user accounts. Also, there’s been a 266% increase in infostealing malware deployment.
Not only is the abuse of valid accounts easier for hackers, it’s also more expensive for victim organizations. X-Force says that all over the world, major incidents that came as a result of identity exploits triggered almost 200% more complex response measures. The key reason for this is the difficult job of separating legitimate traffic from the malicious one.
Per a separate IBM report published last year (Cost of a Data Breach), breaches caused by stolen or compromised credentials needed almost a year to go from detection to recovery.
“The biggest security concern for enterprises stems not from novel or cryptic threats, but from well-known and existing ones,” commented Martin Borrett, Technical Director, IBM Security, UK, and Ireland.
“Streamlining identity management through a unified Identity and Access Management (IAM) provider and strengthening legacy applications with modern security protocols are crucial steps in mitigating risks. Additionally, subjecting your system to rigorous stress tests by skilled offensive security teams proves invaluable in uncovering potential weaknesses. This insight is pivotal for crafting a robust incident response plan that engages all teams, from IT professionals to C-suite executives.”
More from TechRadar Pro
- This deceptively simple cyberattack could spell doom for apps everywhere
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
