IBM's latest report reveals that organizations' failure to manage identities and access properly is costing them dearly, with attackers increasingly exploiting valid accounts as an entry point. (Shutterstock)
Cybersecurity experts have long emphasized the importance of robust identity and access management practices to safeguard digital assets. A recent report by IBM, released on Wednesday, underscores the severe consequences faced by organizations failing to implement these measures effectively.
According to the report, which analyzed incidents investigated by IBM's X-Force intelligence service in 2023, exploiting valid accounts emerged as one of the most common methods used by threat actors to infiltrate organizations' IT systems. This approach accounted for 30% of initial entry vectors, on par with phishing, and just behind exploiting public-facing applications, which accounted for 29% of incidents.
The report highlights a significant increase in the use of valid accounts as an initial access vector compared to 2022, when it was only 16%. Attackers are increasingly opting for the path of least resistance, focusing on acquiring credentials rather than exploiting vulnerabilities or launching phishing campaigns.
The ease of obtaining compromised yet valid credentials from the dark web has contributed to this trend. Cloud account credentials, in particular, make up 90% of cloud assets for sale on the dark web, making it simple for threat actors to impersonate legitimate users and gain access to IT environments.
The report also notes a 100% increase in "Kerberoasting," a technique used to compromise Microsoft Windows Active Directory credentials through Kerberos tickets. This indicates a shift in attackers' tactics for acquiring identities to carry out their operations.
Furthermore, there has been a 266% increase in the use of information stealers by threat actors, which not only steal credentials but also other computer information.
The report underscores the importance of adhering to best practices and security fundamentals, such as asset and patch management, credential hardening, and the principle of least privilege. It notes that nearly 85% of incidents on critical infrastructure could have been mitigated with these practices.
In Canada, half of the attacks were against the government sector, making it the country with the most security incidents on government entities responded to by X-Force compared to other countries.
