IBM Report: Identity-Based Cyber Attacks Dominate in MEA

IBM has released the X-Force Threat Intelligence Index for 2024, underscoring a heightened global threat landscape where cybercriminals are increasingly exploiting user identities to infiltrate enterprises. The report provides a detailed overview of cybersecurity incidents across different regions, with a specific focus on the Middle East and Africa (MEA), where the exploitation of valid user credentials is becoming a predominant method of attack. This emerging trend poses significant challenges to security frameworks and demands robust defensive strategies to mitigate the impacts of these breaches.

In the MEA region, the report identifies a particularly alarming trend: 52% of cyberattacks originate from valid local accounts, and another 48% from valid cloud accounts. This marks a shift from traditional hacking methods to more sophisticated identity-based attacks, which use stolen or compromised credentials to gain unauthorized access to corporate networks. The prominence of such attacks in Saudi Arabia and the United Arab Emirates—accounting for 40% and 30% of incidents, respectively—highlights a critical vulnerability that threat actors are exploiting with increasing frequency.

The targeted sectors within the MEA region are equally telling. The finance and insurance industries, making up 38% of the incidents, are particularly vulnerable, reflecting the high value and sensitivity of the information they handle. This is closely followed by the transportation and energy sectors, each accounting for 19% of the attacks. These figures underscore the strategic focus of cybercriminals on sectors where they can cause the most disruption and extract valuable data.

Drawing on an analysis of more than 150 billion security events per day across over 130 countries, the X-Force report is built on comprehensive data from multiple sources within IBM. This includes IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, and contributions from Red Hat Insights and Intezer. Such a vast dataset provides IBM with unique insights into the tactics, techniques, and procedures used by cyber adversaries.

One of the most startling revelations from the report is the 266% increase in infostealing malware globally. This type of malware is specifically designed to steal personally identifiable information such as emails, social media and messaging app credentials, banking details, crypto wallet data, and more. In the MEA region, malware was the top action on objective observed by X-Force, involved in 50% of the incidents. This was followed by Distributed Denial of Service (DDoS) attacks, email threat hacking, server access breaches, and the use of legitimate tools for malicious purposes, each accounting for 17% of incidents.

The report highlights a crucial aspect of modern cybersecurity threats: the path of least resistance for cybercriminals often involves exploiting legitimate access credentials. This method of attack is not only harder to detect but also results in significantly costlier and more complex responses from security teams. Indeed, breaches caused by stolen or compromised credentials are associated with nearly 200% more complex response measures than the average incident and require approximately 11 months to detect and recover from—the longest response lifecycle of any infection vector.

As the digital threat landscape continues to evolve, particularly with the integration of AI technologies, the X-Force report underscores the need for enterprises to fortify their defenses. The use of AI by cybercriminals to optimize their attacks is a burgeoning trend, with more than 800,000 posts observed on AI and GPT across Dark Web forums in 2023 alone. This adoption of AI by threat actors indicates a shift towards more sophisticated and scalable cyberattacks, making traditional defense mechanisms potentially obsolete without continuous adaptation and advancement.

To help protect organizations against these evolving threats, the X-Force report provides several recommendations. These include reducing the “blast radius” of potential incidents by implementing a least privileged access framework, segmenting networks, and extending modern security detection and response capabilities to outdated systems. Stress testing environments and having customized incident response plans are also critical. These plans should not only cater to technical responses but also involve cross-organizational coordination, testing communication channels between IT teams and senior leadership.

Moreover, securing AI adoption is emphasised, focusing on protecting the underlying training data, the models, and their inferencing. IBM’s introduction of a comprehensive Framework for Securing Generative AI aims to assist organisations in prioritising defences based on the highest risks and potential impacts.

