initial-access-vectors-2023

The cybersecurity landscape is continually evolving, and 2023 has seen significant shifts in the strategies and tactics employed by threat actors. A detailed analysis by X-Force reveals that the abuse of valid accounts has emerged as the top initial access vector, highlighting a critical area of concern for organizations worldwide. Let’s dive into the key findings and their implications for cybersecurity defense strategies.

Abuse of Valid Accounts: The Leading Initial Access Vector

In a notable shift, the abuse of valid accounts rose from third to first place as the most common initial access vector in 2023, accounting for 30% of the incidents X-Force responded to. As defenders improve their detection and prevention capabilities, attackers find that obtaining valid credentials is an increasingly easy route into victim environments. The availability of compromised yet valid credentials on the dark web exacerbates this trend, with cloud account credentials alone comprising 90% of cloud assets offered for sale.

This method of initial access has a profound impact on the complexity of response measures. Incidents involving valid account abuse require 190% more effort to remediate than the average incident. This statistic underscores the need for robust identity management and monitoring systems to detect and mitigate unauthorized access promptly.

The Rise of Infostealers and Credential Harvesting

2023 has also seen a concerning trend where ransomware groups pivot towards using infostealers. These tools, designed to harvest credentials, have become a reliable and

Phishing: A Persistent but Evolving Threat

Phishing remains a significant threat, accounting for 30% of all incidents remediated by X-Force in 2023. However, there has been a 44% decrease in phishing incidents compared to 2022. This decline is likely due to improved phishing mitigation strategies and a shift by attackers towards using valid credentials. Despite this decrease, phishing is expected to evolve, particularly with the advent of AI-generated phishing attacks. X-Force data indicates that AI can craft a deceptive phishing email in just 5 minutes, significantly reducing the time required for attackers and potentially increasing the volume and sophistication of phishing attempts.

Exploitation of Public-Facing Applications

Exploitation of public-facing applications was identified in 29% of incidents, slightly higher than in 2022. Notably, many organizations fell victim to cyberattacks through the exploitation of managed file transfer (MFT) tools like MOVEit and GoAnywhere. These tools, often overlooked in terms of security, provide attackers with immediate access to sensitive enterprise data. The widespread exploitation of MFTs in 2023 highlights the need for comprehensive threat models that map out potential attack paths and safeguard sensitive data across all environments.

Security Misconfigurations: The Top Web Application Risk

X-Force’s penetration testing data reveals that security misconfigurations are the most observed risk across client environments, accounting for 30% of total findings. Common misconfigurations include allowing concurrent user sessions, verbose error messages, and excessive session timeouts. These vulnerabilities can significantly weaken security measures, such as multifactor authentication (MFA), making it easier for attackers to gain access.
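The three misconfigurations named above (unlimited concurrent sessions, verbose error messages, excessive session timeouts) and the monitoring point raised in the valid-accounts section can be shown together in one small session policy. The following is an added example written for this summary; it is not code from X-Force or from the report. It assumes an in-memory session store, a caller-supplied clock (integer seconds), and a few constructed login events; the policy keys, the `SessionStore` class and the alert format are all hypothetical names chosen here. The weak policy is placed beside the hardened one so the effect of each setting can be compared, and a second login while a session is already live is raised as a detection signal rather than silently accepted.

```python
"""Session policy: weak settings beside hardened ones (added example, not X-Force code).

Constructed assumptions: in-memory store, caller-supplied clock in seconds,
hypothetical policy keys. No network or framework is involved.
"""
import hashlib
import secrets
from dataclasses import dataclass, field

# The three misconfigurations the report lists, as one policy dict...
WEAK_POLICY = {
    "max_concurrent_sessions": 0,        # 0 = unlimited concurrent sessions
    "idle_timeout_seconds": 7 * 24 * 3600,  # one week of idle time is excessive
    "verbose_errors": True,              # internal detail reaches the client
}
# ...and the corrected counterpart.
HARDENED_POLICY = {
    "max_concurrent_sessions": 1,        # one live session per user
    "idle_timeout_seconds": 15 * 60,     # 15-minute idle timeout
    "verbose_errors": False,             # generic message plus a correlation id
}


@dataclass
class Session:
    user: str
    ip: str
    created: int
    last_seen: int


@dataclass
class SessionStore:
    policy: dict
    sessions: dict = field(default_factory=dict)  # token -> Session
    alerts: list = field(default_factory=list)     # signals for the monitoring team

    def _expired(self, s: Session, now: int) -> bool:
        return now - s.last_seen > self.policy["idle_timeout_seconds"]

    def login(self, user: str, ip: str, now: int) -> str:
        """Create a session, enforcing the concurrent-session limit if one is set."""
        active = [(t, s) for t, s in self.sessions.items()
                  if s.user == user and not self._expired(s, now)]
        limit = self.policy["max_concurrent_sessions"]
        if limit and len(active) >= limit:
            # A login while another session is live, from a different address,
            # is exactly the kind of credential reuse worth surfacing to monitoring.
            other_ips = {s.ip for _, s in active if s.ip != ip}
            if other_ips:
                self.alerts.append(
                    f"concurrent login for {user} from {ip} "
                    f"while active from {sorted(other_ips)}")
            # Evict the oldest sessions so the user stays within the limit.
            surplus = len(active) - limit + 1
            for t, _ in sorted(active, key=lambda x: x[1].created)[:surplus]:
                del self.sessions[t]
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(user, ip, now, now)
        return token

    def validate(self, token: str, now: int):
        """Return the user for a live token, or None if unknown or idle too long."""
        s = self.sessions.get(token)
        if s is None:
            return None
        if self._expired(s, now):
            del self.sessions[token]
            return None
        s.last_seen = now
        return s.user

    def error_message(self, exc: Exception) -> str:
        """Verbose errors leak internals; the hardened form returns only a reference id."""
        if self.policy["verbose_errors"]:
            return f"{type(exc).__name__}: {exc}"
        ref = hashlib.sha256(repr(exc).encode()).hexdigest()[:8]
        return f"Request failed (ref {ref})"


def run_demo(policy: dict) -> dict:
    """Replay constructed events against a policy and report what each setting did."""
    store = SessionStore(dict(policy))
    t1 = store.login("alice", "10.0.0.1", 0)            # constructed event
    t2 = store.login("alice", "203.0.113.7", 60)        # constructed event, new address
    return {
        "first_session_still_valid": store.validate(t1, 61) == "alice",
        "second_session_valid": store.validate(t2, 61) == "alice",
        "alerts": list(store.alerts),
        "second_session_after_16_min_idle": store.validate(t2, 61 + 16 * 60) == "alice",
        "error_text": store.error_message(ValueError("db host 10.1.1.1 unreachable")),
    }


if __name__ == "__main__":
    print("weak:", run_demo(WEAK_POLICY))
    print("hardened:", run_demo(HARDENED_POLICY))
```

Under the weak policy both sessions stay valid for a week, no alert is raised, and the error text names the internal host; under the hardened policy the second login evicts the first and produces an alert, the idle session dies after 15 minutes, and the client sees only a correlation reference. The eviction choice (rather than rejecting the new login) is a design decision for the example; either way the alert is what makes the concurrent-session case visible to monitoring.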

Decline in Zero-Day Vulnerabilities

Interestingly, 2023 saw a 72% drop in the number of zero-day vulnerabilities compared to 2022. This decrease suggests that attackers are finding other, less resource-intensive methods to gain entry, such as exploiting older vulnerabilities or using compromised valid credentials. While zero-day vulnerabilities still pose a significant threat, their reduced frequency indicates a shift in attacker tactics.

Linux Systems Under Attack

The increasing targeting of Linux systems by malware developers emphasizes the need for robust security measures in these environments. In 2023, a significant number of Linux systems were found to have multiple critical vulnerabilities with known exploits. Proactive vulnerability management and system hardening are essential to defend against these threats.

Conclusion

The threat landscape of 2023 highlights the dynamic nature of cyber threats and the continuous adaptation of threat actors. The rise in the abuse of valid accounts, the evolution of phishing, and the exploitation of public-facing applications underscore the need for comprehensive and proactive security strategies. Organizations must invest in robust identity management, continuous monitoring, and thorough threat modeling to stay ahead of these evolving threats and protect their critical assets effectively.

Source: IBM X-Force Threat Intelligence Index 2024