Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label X-Force. Show all posts

IBM Signals Major Paradigm Shift as Valid Account Attacks Surge

 


As a result of IBM X-Force's findings, enterprises cannot distinguish between legitimate authentication and unauthorized access due to poor credential management. Several cybersecurity products are not designed to detect the misuse of valid credentials by illegitimate operators, and this is a major problem for organizations seeking to detect illegitimate uses. 

Henderson added that these products do not detect illegitimate activity. In addition to widespread credential reuse and a vast repository of valid credentials that are being sold on the dark web for sale, IBM also stated that cloud account credentials account for almost 90% of the assets for sale on the dark web, which is also fueling the rise of identity-based attacks. 

The practice of credential reuse, Henderson said, can deliver the same results as single sign-on providers by allowing threat actors to gain access to a large number of accounts at once. It is well known that because users reuse credentials for many, many different accounts, the credentials themselves become de facto single sign-on. 

In the year 2023, the number of phishing campaigns that were linked to attacks declined by 44% from 2022 as threat actors flocked to valid credentials. Phishing accounted for almost one in three of the total number of incidents resolved by X-Force in 2016. 

It's not a technology shift for threat actors. They are taking low-cost routes of entry to maximize their return on investment. That's what Henderson said was not a technology shift, but rather a business strategy shift on their part. According to IBM's report, organizations still need to correct the mistakes cybersecurity experts have warned about for years. 

It is Henderson's belief that the industry would be dealing with newer and bigger problems by now, but he does not seem discouraged at all. The great thing about this report is that it simplifies what we need to do, and what's great about it is that there are no things that are insurmountable highlighted in it. 

Henderson explained that focusing on the right things and prioritizing them will solve the authentication problem. Henderson added that even if authentication is solved, it will be followed by another problem. 

However, as we get more and more successful, we reduce their return on investment, making it more difficult for them to commit crimes. It takes a lot of effort to toss out the business model that governs cybercrime, and that is exactly what companies are trying to do.