Some hours ago, IBM released the 2024 X-Force Threat Intelligence Index highlighting an emerging global identity crisis as cybercriminals double down on exploiting user identities to compromise enterprises worldwide.
This global trend is also reflected in the Middle East and Africa (MEA) region, where the use of valid local accounts and valid cloud accounts made up the primary cause of cyberattacks against organizations, according to X-Force – highlighting the need for strong user access and control strategies by enterprises.
According to IBM X-Force, IBM Consulting's offensive and defensive security services arm, in 2023 cybercriminals saw more opportunities to “log in” versus hack into corporate networks through valid accounts – making this tactic a preferred weapon of choice for threat actors.
Saudi Arabia was the most targeted country in MEA, representing 40% of overall incidents that X-Force responded to in the region, followed by the United Arab Emirates (UAE), which made up 30% of incidents.
At the industry level, the most targeted sectors in the region were finance and insurance, making up 38% of incidents, followed by transportation and energy at 19% each.
The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries.
In addition, data is gathered and analyzed from multiple sources within IBM, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, and data provided from Red Hat Insights and Intezer, which contributed to the 2024 report.
Identity Crisis Poised to Worsen in the Region
Exploiting valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the Dark Web today.
The use of valid local accounts (52%) and valid cloud accounts (48%) represented the most commonly observed initial infection vectors in cyberattacks against organizations in the Middle East and Africa region, with espionage making up the top impact.
Globally, in 2023, X-Force saw attackers increasingly invest in operations to obtain users’ identities – with a 266% uptick in infostealing malware, designed to steal personally identifiable information like emails, social media and messaging app credentials, banking details, crypto wallet data and more.
In MEA, malware in general was the top action on objective that X-Force observed threat actors using, representing 50% of incidents.
The use of malware was followed by DDoS, email threat hacking, server access and the use of legitimate tools for malicious purposes, each at 17%.
This “easy entry” for attackers is one that’s harder to detect, eliciting a costly response from enterprises. According to X-Force, major incidents caused by attackers using valid accounts were associated with nearly 200% more complex response measures by security teams than the average incident – with defenders needing to distinguish between legitimate and malicious user activity on the network.
In fact, IBM’s 2023 Cost of a Data Breach Report found that breaches caused by stolen or compromised credentials required roughly 11 months to detect and recover from – the longest response lifecycle of any infection vector.
Identity-based threats will likely continue to grow as adversaries leverage generative AI to optimize their attacks.
Already in 2023, X-Force observed over 800,000 posts on AI and GPT across Dark Web forums, reaffirming that these innovations have caught cybercriminals’ attention and interest.
“The rising threats to user identities pose a major security risk in the region. In today’s digital landscape, where we live, work, and engage with one another online, safeguarding sensitive information demands proactive measures,” said Babacar Kane, General Manager and Technology Leader, IBM Africa Growth Markets. “As threat actors start to look to AI to optimize their attacks, embracing AI-powered solutions isn’t just a choice anymore but a necessity to fortify organizations against evolving cyber threats that will scale. Partnering with the right technology provider ensures businesses remain ahead of the curve, fostering resilience and trust in their operations while propelling the region’s economic prospects.”
Cybersecurity recommendations by X-Force:
- Reduce blast radius –
Organisations should consider implementing solutions to reduce the damage that a data security incident could potentially cause by reducing the incident’s blast radius, namely the potential impact of an incident given the compromise of particular users, devices or data.
This could include implementing a least privileged framework, network segmentation and an identity fabric that extends modern security and detection and response capabilities to outdated applications and systems.
- Stress-test your environments & have a plan –
Hire hackers to stress-test your environment and identify the existing cracks that cybercriminals could exploit to gain access to your network and carry out attacks.
Having incident response plans that are customised for your environment is also key to reducing the time to respond, remediate and recover from an attack.
Those plans should be regularly drilled, include a cross-organisational response, incorporate stakeholders outside of IT and test lines of communication between technical teams and senior leadership.
- Adopt AI securely –
Organisations should focus on the following key tenets to secure their AI adoption: secure the underlying AI training data, secure the models and secure the use and inferencing of the models.
It’s also paramount to secure the broader infrastructure surrounding AI models.
IBM recently introduced a comprehensive Framework for Securing Generative AI to help organisations prioritise defenses based on highest risk and potential impact.