IBM Alerts About Rise in Attacks Using Valid Credentials, Cites Inadequate Basic Security in Critical Infrastructures

According to data recorded by IBM in 2023, Europe was the region most affected by cyberattacks, experiencing 32 percent of total incidents worldwide. This comes as cyberattacks involving valid credentials have increased significantly. Furthermore, the use of malicious software for information theft has been on the rise, and there is a noticeable deficiency of basic security measures in critical infrastructures across the region.

The data further reveals that a staggering one in three (32%) of all the cyberattacks recorded globally targeted the European continent. Also, compared to the previous year, the region saw a 31 percent increase in the number of cyberattacks.

For European organizations, the weakest points were identities and emails. Illegitimate use of valid accounts accounted for 30% of the incidents, up 66 percent year-on-year. Phishing attacks were also responsible for 30% of the incidents. Malware was a significant factor in these cyberattacks, being present in 44 percent of the incidents, and Europe was also the region with the highest number of recorded ransomware attacks globally (26%).

For organizations based in Europe, the three most critical types of incidents were credential theft (28%), extortion (24%), and data breaches (16%). When analyzed by sector, the manufacturing industry emerged as the most attacked sector with 28% of the incidents. Professional, business, and consumer services sectors were the second most targeted (25%), followed by the financial and insurance sector (16%). The energy sector moved down to fourth place (14%).

The energy sector in Europe as a whole experienced the highest percentage of incidents globally, at 43 percent, followed by the finance and insurance sector, at 37 percent.

This data comes from the ‘IBM Security X-Force Threat Intelligence Index 2024’. The report’s results draw on numerous sources, including IBM X-Force Threat Intelligence, Incident Response, and data provided by Red Hat Insights and Intezer.

THE THREAT TO DIGITAL IDENTITY

The illegitimate use and exploitation of valid accounts have become a common tactic for cybercriminals, leading to billions of compromised credentials available on the Dark Web today.

The X-Force report has noted an alarming trend where attackers are investing more in operations to steal user identities. There was a 266 percent increase in the use of information theft malware designed to obtain personally identifiable data such as emails, social network and messaging application credentials, bank details, cryptocurrency wallet data, and more.

IBM points out that this “easy access” method for attackers is more challenging to detect, which causes companies to expend considerably more resources in response. It becomes particularly difficult for defenders to distinguish between legitimate and malicious user activity on the network.

Aside from the crisis around digital identity, the report also highlights a global deficiency in basic security in critical infrastructures. Almost 85 percent of attacks on critical sectors could have been mitigated with patches, multi-factor authentication, or principles of least privilege.

Globally, nearly 70 percent of the attacks that X-Force responded to targeted critical infrastructure organizations, including 74 percent in the European Union. About 85 percent of these attacks were caused by the exploitation of public-facing applications, phishing emails, and the illegitimate use of valid accounts.

Ransomware groups have also been observed moving towards a more agile business model, such as information theft. Attacks on large enterprises declined by nearly 12 percent, attributed to the decision of these organizations to opt out of paying the ransom and decrypting in favor of rebuilding their infrastructure.

GENERATIVE AI STILL EMERGING

The X-Force analysis predicts that once a single generative artificial intelligence (AI) technology approaches 50 percent market share, or when it consolidates into three or fewer technologies, scaled attacks against these platforms could be imminent.

This prediction is based on the fact that for cybercriminals to profit from their campaigns, the technologies they target must be widespread in a majority of organizations around the world.

IBM advises that even though generative AI is currently in its pre-mass commercialization phase, companies must take proactive steps to protect their models before cybercriminals expand their activity.

Although the report indicates that the volume of attacks decreased by 44 percent compared to 2022, it suggests that phishing will continue to be the preferred infection vector for cybercriminals. With the aid of AI, cybercriminals can optimize this type of attack, potentially reducing its execution time by nearly two days.

EXTENT OF VULNERABILITY

There has been a 100 percent increase in ‘kerberoasting’ attacks, where attackers attempt to impersonate users to escalate privileges by abusing Microsoft Active Directory tickets.

Red Hat Insights found that 92 percent of customers have at least one CVE with known unaddressed exploits in their environment at the time of analysis. Also, 80 percent of the top ten vulnerabilities detected in systems in 2023 received a high or critical base severity score.

X-Force Red penetration testing indicates that security misconfigurations accounted for 30 percent of the total exposures identified. The testing looked at more than 140 ways attackers can exploit misconfigurations.