- What is AI networking? How it automates your infrastructure (but faces challenges)
- I traveled with a solar panel that's lighter than a MacBook, and it's my new backpack essential (and now get 23% off for Black Friday)
- Windows 11 24H2 hit by a brand new bug, but there's a workaround
- This Samsung OLED spoiled every other TV for me, and it's $1,400 off for Black Friday
- How to Protect Your Social Media Passwords with Multi-factor Verification | McAfee Blog
IBM X-Force: Stolen credentials a top risk to network infrastructure
Attacks on critical network infrastructure are increasing, according to a report from IBM’s threat intelligence unit, X-Force.
“Worldwide, nearly 70% of attacks that X-Force responded to were against critical infrastructure organizations, an alarming finding highlighting that cybercriminals are wagering on these high value targets’ need for uptime to advance their objectives,” reads X-Force’s 2024 Threat Intelligence Index.
The X-Force Threat Intelligence Index is built around data from 150 billion security events per day in more than 130 countries. In addition, data is gathered and analyzed from multiple sources within IBM, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, and data provided from Red Hat Insights and Intezer.
In terms of network infrastructure, nearly 85% of attacks on this sector were caused by exploiting public-facing applications, phishing emails, and the use of valid accounts. In 2023, X-Force saw attackers increasingly invest in operations to obtain users’ identities; there was a 266% uptick in infostealing malware, designed to steal personal identifiable information like emails, social media and messaging app credentials, banking details, crypto wallet data and more, the report found.
“This ‘easy entry’ for attackers is one that’s harder to detect, eliciting a costly response from enterprises,” X-Force stated. “Major incidents caused by attackers using valid accounts were associated to nearly 200% more complex response measures by security teams than the average incident – with defenders needing to distinguish between legitimate and malicious user activity on the network,” X-Force stated.
Attackers are inclined to choose the path of least resistance in pursuit of their objectives, and in this era, the focus has shifted towards logging in rather than hacking in, highlighting the relative ease of acquiring credentials compared to exploiting vulnerabilities or executing phishing campaigns, X-Force stated. In addition, the report noted that nearly 85% of attacks on critical sectors, compromise could have been mitigated with patching, multi-factor authentication, or least-privilege.
