IBM unveiled the 2024 X-Force Threat Intelligence Index, shedding light on a burgeoning worldwide identity crisis as cyber adversaries intensify their focus on leveraging user identities to infiltrate enterprises on a global scale. This pervasive trend extends to the Middle East and Africa (MEA) region, where the predominant method of cyber assault against organisations involves the exploitation of valid local and cloud-based accounts, as reported by X-Force. This underscores the imperative for robust user access and control measures within enterprises.
In 2023, cybercriminals increasingly favoured “logging in” over traditional hacking methods to breach corporate networks, marking a shift in tactics noted by IBM X-Force, the IBM Consulting arm specialising in offensive and defensive security services.
Within the Middle East and Africa (MEA) region, Saudi Arabia emerged as the primary target, accounting for 40% of all incidents responded to by X-Force, followed closely by the United Arab Emirates (UAE) at 30%. Notably, the finance and insurance sectors bore the brunt of attacks, comprising 38% of incidents, with transportation and energy sectors following at 19% each.
The X-Force Threat Intelligence Index draws from a vast data pool, monitoring over 150 billion security events daily across 130 countries. Insights are culled from various IBM sources, including X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, as well as data from Red Hat Insights and Intezer, all contributing to the comprehensive 2024 report.
The prevalence of exploiting valid accounts has escalated, with billions of compromised credentials accessible on the Dark Web. In the MEA region, cyberattacks primarily begin with valid local (52%) and cloud (48%) accounts, with espionage as the primary objective. Globally, 2023 witnessed a 266% surge in infostealing malware, targeting personally identifiable information such as emails, social media credentials, banking details, and crypto wallet data. In MEA, malware accounted for 50% of observed incidents, followed by DDoS attacks, email threats, server access, and the use of legitimate tools for nefarious purposes, each at 17%.
This method of entry presents detection challenges, resulting in heightened response efforts from enterprises. Major incidents stemming from compromised credentials necessitated nearly 200% more complex response measures by security teams compared to average incidents, extending the response lifecycle significantly.
IBM’s 2023 Cost of a Data Breach Report underscores the prolonged recovery time, with breaches attributed to stolen credentials requiring approximately 11 months to detect and remediate, the longest among infection vectors.
As adversaries increasingly turn to AI to refine their attacks, the threat landscape continues to evolve. Dark Web discussions surrounding AI and GPT exceeded 800,000 posts in 2023, indicating cybercriminals’ keen interest in these advancements.
Babacar Kane, General Manager & Technology Leader, Africa Growth Markets, stresses the urgency of proactive security measures in the face of escalating identity-based threats.
“As threat actors start to look to AI to optimize their attacks, embracing AI-powered solutions isn’t just a choice anymore but a necessity to fortify organizations against evolving cyber threats that will scale. Partnering with the right technology provider ensures businesses remain ahead of the curve, fostering resilience and trust in their operations while propelling the region’s economic prospects.”
To mitigate evolving cyber risks, the X-Force report recommends:
• Reducing blast radius through implementing least privileged frameworks, network segmentation, and modern identity fabric.
• Conducting regular stress tests and customized incident response drills.
• Securely adopting AI by focusing on securing training data, models, inferencing, and the broader infrastructure.
IBM’s Framework for Securing Generative AI offers a comprehensive approach to prioritise defenses based on risk and potential impact, aiding organizations in safeguarding against emerging threats.