71% Increase year over year in volume of attacks using valid credentials
For the first time ever, abusing valid accounts became cybercriminals’ most common entry point into victim environments. It represented 30% of all incidents X-Force responded to in 2023.
11.5% Drop in enterprise ransomware incidents
Although ransomware remained the most common action on objective (20%), X-Force observed a drop in enterprise ransomware incidents. This drop is likely to impact adversaries’ revenue expectations from encryption-based extortion, as larger organizations are stopping attacks before ransomware is deployed and, if ransomware takes hold, opting to rebuild rather than pay and decrypt.
32% Percentage of data theft and leak incidents
Data theft and leak rose to the most common impact for organizations, indicating more groups are favoring this method to obtain financial gains.
266% Upsurge in use of infostealers
X-Force has observed threat groups that previously specialized in ransomware showing increasing interest in infostealers. A number of prominent new infostealers, such as Rhadamanthys, LummaC2 and StrelaStealer, also recently debuted and demonstrated increased activity in 2023.
30% Share of security misconfigurations among web application vulnerabilities identified
X-Force penetration testing engagements revealed that the most observed web application risk across client environments globally was security misconfigurations. Of these misconfigurations, the top offenses included allowing concurrent user sessions in the application, which could weaken multifactor authentication (MFA) through session hijacking.
32% Percentage of incidents that involved malicious use of legitimate tools
Nearly one-third of incidents that X-Force responded to were cases where legitimate tools were used for malicious purposes, such as credential theft, reconnaissance, remote access or data exfiltration.
50% Market share threshold likely to trigger attacks against AI platforms
X-Force analysis indicates that the establishment of AI market dominance will signal AI attack surface maturity. This analysis suggests that once a single AI technology approaches 50% market share, or when the market consolidates to three or fewer technologies, the cybercriminal ecosystem will be incentivized to invest in developing tools and attack paths targeting AI technologies.
84% Percentage of critical infrastructure incidents where initial access vector could have been mitigated
For a majority of incidents on critical infrastructure that X-Force responded to, the initial access vector could have been mitigated with best practices and security fundamentals, such as asset and patch management, credential hardening and the principle of least privilege.
25.7% Share of manufacturing attack incidents within the top 10 attacked industries
Manufacturing was the top attacked industry in 2023 for the third year in a row, representing 25.7% of incidents within the top 10 attacked industries. Malware was the top action on objective observed at 45%. Ransomware accounted for 17% of incidents.
31% Increase in attacks year over year in Europe
Europe also experienced the highest percentage of incidents (32%) out of the five geographic regions. Malware was the most observed action on objective, accounting for 44% of incidents.