Cyber Threat Intelligence Landscape in 2023
As we delve into the cybersecurity landscape of 2023, it’s evident that the tactics and techniques employed by cybercriminals are evolving at an unprecedented pace. X-Force’s recent threat intelligence report sheds light on several critical trends and statistics that underscore the dynamic nature of cyber threats today.
Let’s explore the key findings and their implications for organizations globally.
1. Surge in Attacks Using Valid Credentials
One of the most alarming trends observed in 2023 is the 71% year-over-year increase in the volume of attacks using valid credentials. For the first time ever, abuse of valid accounts became cybercriminals’ most common entry point into victim environments, accounting for 30% of all incidents X-Force responded to. This shift highlights the increasing sophistication of attackers who exploit legitimate access to bypass traditional security measures.
2. Decline in Enterprise Ransomware Incidents
Despite ransomware remaining the most common action on objective at 20%, X-Force noted a significant drop in enterprise ransomware incidents. This decline suggests that larger organizations are becoming more adept at intercepting attacks before ransomware is deployed and are increasingly opting to rebuild systems rather than pay ransoms. This trend is likely to impact the revenue expectations of cybercriminals who rely on encryption-based extortion.
3. Rise of Data Theft and Leak Incidents
Data theft and leak incidents have risen to become the most common impact for organizations in 2023. This indicates a strategic shift among threat actors who are now favoring data exfiltration and leakage as a primary means of financial gain. The move away from ransomware towards data theft underscores the need for robust data protection and monitoring strategies.
4. Infostealers on the Rise
X-Force has observed a staggering 266% increase in the use of infostealers, with threat groups previously specializing in ransomware now showing a growing interest in these tools. Prominent new infostealers like Rhadamanthys, LummaC2, and StrelaStealer have demonstrated increased activity, highlighting a diversification in the cybercriminal arsenal aimed at harvesting sensitive information.
5. Security Misconfigurations in Web Applications
Security misconfigurations remain a significant risk, accounting for 30% of web application vulnerabilities identified in X-Force penetration testing engagements. Common issues include allowing concurrent user sessions, which can undermine multifactor authentication (MFA) through session hijacking: a stolen session token keeps working alongside the legitimate user's session, and no new MFA challenge is triggered. This emphasizes the importance of rigorous configuration management and regular security audits.
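One way to close the concurrent-session gap described above, as an added example that is not taken from the X-Force report or from this page's author: a session store that allows one active session per user and revokes a session when its token shows up from a different client. The `SessionStore` class, its method names and the `"user-agent|ip"` client string are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class SessionStore:
    """In-memory session store enforcing one active session per user."""

    def __init__(self):
        self._sessions = {}   # token -> (user, client fingerprint)
        self._by_user = {}    # user -> current token
        self.events = []      # audit trail a SOC could alert on

    @staticmethod
    def _fingerprint(client):
        # Assumption: `client` is a string such as "user-agent|ip" built by the app.
        return hashlib.sha256(client.encode()).hexdigest()

    def login(self, user, client):
        """Call only after MFA has succeeded. Revokes any earlier session."""
        old = self._by_user.pop(user, None)
        if old is not None:
            self._sessions.pop(old, None)
            self.events.append(("revoked_on_new_login", user))
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, self._fingerprint(client))
        self._by_user[user] = token
        return token

    def validate(self, token, client):
        """Return the user for a valid session, or None."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, bound = entry
        if not hmac.compare_digest(bound, self._fingerprint(client)):
            # Same token presented by a different client: possible hijack.
            self._sessions.pop(token, None)
            self._by_user.pop(user, None)
            self.events.append(("client_mismatch", user))
            return None
        return user
```

Binding to the IP address can log out users on roaming networks; a deployment may prefer to bind to a device identifier and force re-authentication with MFA instead of silently dropping the session.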
6. Malicious Use of Legitimate Tools
Nearly one-third (32%) of incidents involved the malicious use of legitimate tools for purposes such as credential theft, reconnaissance, remote access, or data exfiltration. This trend highlights the challenge of distinguishing between legitimate and malicious activities, necessitating enhanced monitoring and behavioral analysis.
7. AI Platforms as Emerging Targets
X-Force’s analysis indicates that AI platforms will become significant targets for cyber attacks once they reach a market share threshold of 50% or when the market consolidates to three or fewer dominant technologies. This anticipated focus on AI underscores the need for proactive security measures in the development and deployment of AI systems.
8. Mitigation of Critical Infrastructure Incidents
A concerning 84% of critical infrastructure incidents in 2023 had initial access vectors that could have been mitigated through best practices such as asset and patch management, credential hardening, and the principle of least privilege. This finding stresses the importance of fundamental security hygiene in protecting vital systems.
9. Manufacturing Industry Under Siege
The manufacturing sector remained the top attacked industry for the third consecutive year, representing 25.7% of incidents within the top 10 attacked industries. Malware was the predominant action on objective (45%), with ransomware accounting for 17% of incidents. This trend underscores the critical need for robust cybersecurity measures in the manufacturing sector.
10. Regional Focus: Europe
Europe experienced a 31% year-over-year increase in attacks and accounted for the highest percentage of incidents (32%) among the five geographic regions. Malware was the most observed action on objective, accounting for 44% of incidents, highlighting the region’s susceptibility to such threats.
The 2023 threat landscape, as depicted by X-Force’s comprehensive analysis, illustrates a shifting paradigm in cyber attacks. With an increased reliance on valid credentials, a decline in traditional ransomware, and a rise in data theft and infostealers, organizations must continuously adapt their security strategies. Proactive measures, regular audits, and robust data protection protocols are essential to mitigate these evolving threats and safeguard critical assets.
Source: IBM X-Force Threat Intelligence Index 2024