Attacks on critical network infrastructure are increasing, according to a report from IBM’s threat intelligence unit, X-Force.
“Worldwide, nearly 70% of attacks that X-Force responded to were against critical infrastructure organizations, an alarming finding highlighting that cybercriminals are wagering on these high value targets’ need for uptime to advance their objectives,” reads X-Force’s 2024 Threat Intelligence Index.
The X-Force Threat Intelligence Index is built around data from 150 billion security events per day in more than 130 countries. In addition, data is gathered and analyzed from multiple sources within IBM, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, and data provided from Red Hat Insights and Intezer.
In terms of network infrastructure, nearly 85% of attacks on this sector were caused by the exploitation of public-facing applications, phishing emails, and the use of valid accounts. In 2023, X-Force saw attackers increasingly invest in operations to obtain users’ identities; there was a 266% uptick in infostealing malware, which is designed to steal personally identifiable information such as emails, social media and messaging app credentials, banking details, crypto wallet data and more, the report found.
“This ‘easy entry’ for attackers is one that’s harder to detect, eliciting a costly response from enterprises,” X-Force stated. “Major incidents caused by attackers using valid accounts were associated to nearly 200% more complex response measures by security teams than the average incident – with defenders needing to distinguish between legitimate and malicious user activity on the network.”
Attackers are inclined to choose the path of least resistance in pursuit of their objectives, X-Force stated, and the focus has now shifted towards logging in rather than hacking in, which highlights the relative ease of acquiring credentials compared to exploiting vulnerabilities or executing phishing campaigns. In addition, the report noted that in nearly 85% of attacks on critical sectors, compromise could have been mitigated with patching, multi-factor authentication, or least privilege.