The X-Force Files: report says security fundamentals, not AI attacks, dominate the threat landscape

IBM Consulting’s security section, X-Force, has published its latest report: the Threat Intelligence Index. It makes for hard reading for those working in the infrastructure sector: in more than 80% of the attacks on these critical sectors, attackers got in through basic security mistakes such as lack of patching, lack of multi-factor authentication and failure to prevent privilege escalation.

Things aren’t much better for the enterprise either. Kerberoasting attacks, in which Kerberos authentication protocols are compromised, were up by 100% and the deployment of infostealer malware by 266%.

Together, IBM X-Force reports, this meant attacks using valid identities increased by 71% over the previous year and now account for one in three attacks globally.

And that means the “existing security stack is bypassed and ineffective,” said Dave Ratner, CEO at threat intelligence specialists HYAS. That’s why organisations should look for “cyber-resiliency solutions that see the anomalous behaviour inside the environment, and track and shut down the command-and-control communication”.

“While ‘security fundamentals’ doesn’t get as many head turns as ‘AI-engineered attacks,’ it remains that enterprises’ biggest security problem boils down to the basic and known – not the novel and unknown,” said Charles Henderson, Head of IBM X-Force.

“Identity is being used against enterprises time and time again, a problem that will worsen as adversaries invest in AI to optimise the tactic.”

X-Force report explains weakest points

And talking of AI, X-Force doesn’t think there is enough reward for major attacks against generative AI platforms just yet. However, X-Force predicts this will change when a single player gets anywhere near a 50% market share – or if that market shrinks to just a couple of platforms.

“Although generative AI is currently in its pre-mass market stage,” the X-Force report states, “it’s paramount that enterprises secure their AI models before cybercriminals scale their activity.”

Perhaps somewhat surprisingly given the media coverage of such incidents, both ransomware and phishing saw a decline over the course of 2023.

Phishing remains one of the leading attack vectors but X-Force reports a 44% decline in volume compared with 2022. Don’t expect it to go away any time soon, though.

Cybercriminals are using generative AI to optimise such attacks, with the report suggesting such usage can “speed up phishing attacks by nearly two days”.

As for ransomware, attacks on the enterprise dropped by 12%. Not a huge amount but evidence, perhaps, of organisations being willing to invest funds to rebuild infrastructure rather than pay for decryption keys.

X-Force suggests that this could be a reason for some groups diversifying from being solely ransomware players and pivoting to infostealers instead.

When it comes to ransomware, however, organisations in Europe appear to be the preferred targets, accounting for 26% of all attacks globally. More broadly speaking, Europe also saw one in three of all cyberattacks aimed in its direction.

Davey Winder

With four decades of experience, Davey is one of the UK's most respected cybersecurity writers and a contributing editor to PC Pro magazine. He is also a senior contributor at Forbes. You can find him at TechFinitive covering all things cybersecurity.
