User identities becoming an increasingly popular target for scammers
They're easier to abuse and last longer, report claims
Instead of hacking into company networks and corporate accounts, threat actors are increasingly choosing to exploit user identities instead, new research has claimed.
Not only is it easier to pull off, such identity theft tactics are also harder for victims to detect, meaning the damage a hacker can do this way is significantly bigger, according to the 2024 X-Force Threat Intelligence Index from IBM’s cybersecurity arm, X-Force.
Based on (among other things) insights from monitoring over 150 billion security events per day in more than 130 countries, the report claims cybercriminals are “doubling down” on exploiting user identities to compromise enterprises.
Complex measures to simple attacks
The easiest way into a corporate network is to simply buy a previously stolen account that’s being sold on the dark web, with the report claiming there are apparently “billions” of compromised credentials for sale.
According to the report, half (50%) of all cyberattacks in the UK last year started with the exploitation of a valid user account. Further 25% of cases involved exploiting publicly facing applications. In the rest of Europe, there’s been a 66% increase, year-on-year, in the (ab) use of valid user accounts. Also, there’s been a 266% increase in infostealing malware deployment.
Not only is the abuse of valid accounts easier for hackers, it’s also more expensive for victim organizations. X-Force says that all over the world, major incidents that came as a result of identity exploits triggered almost 200% more complex response measures. The key reason for this is the difficult job of separating legitimate traffic from the malicious one.
Per a separate IBM report published last year (Cost of a Data Breach), breaches caused by stolen or compromised credentials needed almost a year to go from detection to recovery.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“The biggest security concern for enterprises stems not from novel or cryptic threats, but from well-known and existing ones,” commented Martin Borrett, Technical Director, IBM Security, UK, and Ireland.
“Streamlining identity management through a unified Identity and Access Management (IAM) provider and strengthening legacy applications with modern security protocols are crucial steps in mitigating risks. Additionally, subjecting your system to rigorous stress tests by skilled offensive security teams proves invaluable in uncovering potential weaknesses. This insight is pivotal for crafting a robust incident response plan that engages all teams, from IT professionals to C-suite executives.”
More from TechRadar Pro
- This deceptively simple cyberattack could spell doom for apps everywhere
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.