The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries. In addition, data is collected and analyzed from multiple sources within IBM, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, and data from Red Hat Insights and Intezer, which contributed to the 2024 report.
The 2024 report includes the following findings for Europe and Germany:
- In 2023, Europe was the region most affected by cyberattacks with 32% of incidents handled by X-Force, ahead of North America (26%), Asia and Pacific (23%), Latin America (12%) and the Middle East and Africa (7%). In 2023, X-Force recorded the highest number of incidents in Europe compared to previous years, with an increase of 31% compared to the previous year.
- Malware was the most frequently observed cause, accounting for 44% of European incidents. Europe also had the most recorded ransomware attacks in the world, accounting for 26% of attacks, which is partly responsible for Europe’s ranking in 2023.
- The top three impacts on European companies were credential harvesting (28%), extortion (24%) and data leaks (16%).
- The manufacturing industry was the most targeted industry in Europe (28%), followed by professional, business and consumer services (25%), financial services (16%) and the energy sector (14%).
- In Germany, 39% of attacks targeted healthcare facilities, while 23% of attacks targeted the manufacturing industry and financial institutions.
- At a global level, Europe recorded the highest percentage of incidents in the energy sector (43% of all incidents recorded worldwide) and in the finance and insurance industry (37%).
Some of the global highlights and findings of the 2024 report are:
- Attacks on critical infrastructure highlight industry “faux pas”. In almost 85% of attacks on critical sectors, the compromise could have been prevented with the help of patches, multi-factor authentication or the least privilege principle – the restriction of user accounts. This shows that what the security industry has always called “basic security” is more difficult to achieve than claimed.
- Ransomware groups are switching to a leaner business model. Ransomware attacks on businesses have dropped by nearly 12% in the past year as larger companies have opted against paying and decrypting in favor of rebuilding their infrastructure. With this growing resistance likely influencing attackers’ revenue expectations from encryption-based extortion, we’re seeing groups previously specializing in ransomware increasingly become infostealers.
- No profit from attacks on generative AI – yet. According to X-Force analysis, once a single generative AI technology reaches 50% market share or the market consolidates to three or fewer technologies, large-scale attacks against these platforms are likely to occur.
“While ‘security fundamentals’ may not get as much attention as ‘AI-driven attacks’, it remains that the biggest enterprise security problem boils down to the fundamental and known issues – not the new and unknown ones,” said Charles Henderson, Global Managing Partner, IBM Consulting and Head of IBM X-Force. “Identity is being abused again and again to attack organizations – a problem that will only get worse as attackers invest in AI to optimize these tactics.”
Global ‘identity crisis’ will only get worse
Misusing valid accounts is the path of least resistance for cybercriminals, as billions of compromised credentials are now accessible on the dark web. In 2023, X-Force observed that attackers were increasingly investing in measures to obtain user identities – with a 266% increase in infostealing malware designed to steal personal information such as emails, social media and messaging app credentials, banking details, crypto wallet data and more.
This “easy entry” for attackers is far more difficult to detect and requires costly measures from organizations. According to X-Force, major incidents caused by attackers using valid accounts involved nearly 200% more complex response efforts by security teams than the average incident – requiring security leaders to differentiate between legitimate and malicious user activity on the network. In fact, the IBM 2023 Cost of a Data Breach Report found that security breaches caused by stolen or compromised credentials took around 11 months to detect and recover from – the longest response time compared to any other infection vector.
This extensive access to users’ online activity was highlighted when the FBI and European law enforcement agencies shut down a global cybercrime forum in April 2023 that collected the login credentials of more than 80 million user accounts. Identity-based attacks are likely to continue to grow as attackers will use generative AI to optimize their attacks. Already in 2023, X-Force observed over 800,000 posts about AI and GPT on dark web forums, confirming that these innovations have caught the attention and interest of cybercriminals.
Attackers “log in” to critical infrastructure networks
Worldwide, nearly 70% of the attacks X-Force was called in to help with targeted organizations with critical infrastructure – an alarming result that highlights cybercriminals’ reliance on the need for the availability of these high-value targets to achieve their own goals. This sector accounted for 74% of incidents in the EU.
Almost 85% of attacks responded to by X-Force in this area were caused by the exploitation of public applications, phishing emails and the use of valid accounts. The latter poses an increased risk to the sector, with the majority of successful attacks against government agencies, critical infrastructure companies and state government entities in 2022 involving the use of valid accounts, according to DHS CISA. This underscores the need for these organizations to conduct more frequent stress tests on their environments to identify potential risks and develop incident response plans.
Generative AI – the next big security challenge
For cybercriminals to make a profit from their campaigns, the technologies they target must be present in most organizations worldwide. Just as technological conditions have favored cybercriminal activity in the past – such as ransomware and the market dominance of Windows Server, BEC fraud and the dominance of Microsoft 365, or cryptojacking and the consolidation of the Infrastructure-as-a-Service market – this pattern will most likely extend to AI.
X-Force anticipates that generative AI market dominance, where a single technology reaches 50% market share or the market consolidates to three or fewer technologies, could tip the scales on the attractiveness of AI as an attack surface and trigger further investment by cybercriminals in new tools. Although generative AI is currently in the pre-mass commercialization phase, it is imperative that companies secure their AI models before cybercriminals expand their activities. Companies should also recognize that their existing underlying infrastructure is a gateway to their AI models that does not require new tactics from attackers to attack it. This underscores the need for a holistic approach to security in the age of generative AI, as described in IBM’s Framework for Securing Generative AI.
– – – – – –
Further links
👉 www.ibm.com
Photo: pixabay
