The X-Force Threat Intelligence Index relies on a vast amount of data, analyzing 150 billion security events daily across 130 countries. This includes insights from various IBM sources like X-Force Threat Intelligence, Incident Response, X-Force Red, Managed Security Services, and data from Red Hat Insights and Intezer.
The report underscores a shift in cyberattacks, with attackers increasingly opting for the “easy entry” approach through valid accounts rather than traditional hacking methods. Such attacks, often harder to detect, lead to significantly more complex responses by security teams, as distinguishing between legitimate and malicious user activity becomes a critical challenge.
Furthermore, the report highlights that attackers prefer exploiting valid accounts due to the relative ease of acquiring credentials compared to exploiting vulnerabilities or executing phishing campaigns. Nearly 85% of attacks on critical sectors could have been mitigated with measures like patching, multi-factor authentication, or least-privilege. Notably, valid accounts and phishing have become equally prominent as initial access techniques.
The rise in malware targeting information theft, exemplified by new infostealers like Rhadamanthys, LummaC2, and StrelaStealer, contributes to the flourishing dark web marketplace for stolen credentials. The report suggests that attackers are capitalizing on the challenge defenders face in distinguishing between legitimate and unauthorized identity use.
In this article, you will learn about seven key takeaways from IBM X-Force threat intelligence index report 2024.
7 Key Takeaways From IBM X-Force Threat Intelligence Index Report 2024
Here are seven key takeaways from IBM X-Force Threat Intelligence Index report 2024.
- Public Facing Apps Are More Prone To Attacks
The exploitation of public-facing applications, defined as the unauthorized manipulation of internet-facing computers or programs, has become a prevalent cybersecurity concern, constituting 29% of reported incidents as of 2024—an increment from 2022. These attacks involve adversaries capitalizing on vulnerabilities, ranging from software flaws to misconfigurations, to gain unauthorized access or disrupt operations.
The persistent nature of these threats necessitates a multifaceted approach for mitigation, including regular security audits, patch management, the deployment of Web Application Firewalls (WAFs), and the integration of security practices throughout the development lifecycle.To effectively counter the evolving landscape of cyber threats, organizations must prioritize security by design, incident response planning, user education, and network segmentation.
By fostering a proactive security culture and sharing threat intelligence, entities can bolster their defenses against the exploitation of public-facing applications. As these digital gateways remain critical points of entry, a collective and adaptive approach is essential to thwart the increasingly sophisticated tactics employed by adversaries seeking financial gain, data theft, or operational disruption.
- Security Misconfiguration is the Biggest Risk
Security misconfigurations emerged as the most significant risk during X-Force penetration testing engagements. Among these misconfigurations, allowing concurrent user sessions in applications stood out as a top offense. Such misconfigurations can weaken multifactor authentication (MFA) through session hijacking, highlighting the importance of addressing configuration vulnerabilities to enhance overall security posture.
- Zero Day Vulnerabilities Are Declining
According to the report, there has been a significant 72% decline in zero-day vulnerabilities in 2023 compared to the previous year, constituting only 3% of the total vulnerabilities tracked by X-Force. The decrease is attributed to attackers shifting towards alternative, less resource-intensive methods for unauthorized access, such as exploiting older vulnerabilities or utilizing valid credentials that may be compromised or purchased. This suggests a changing landscape in cyber threats on semi dedicated server, with attackers opting for more efficient avenues to compromise systems.
- Managed File Transfer Tools Pose a Security Threat
In 2023, a surge in cyberattacks targeted organizations through the exploitation of managed file transfer (MFT) tools like MOVEit and GoAnywhere. This trend revealed the substantial risk associated with managed file transfer tools, which, when compromised, provide attackers immediate access to sensitive enterprise data stored on cheap dedicated servers.
Prior to 2023, many defenders underestimated this risk, resulting in inadequately protected managed file transfer tool deployments lacking proper detection and response strategies. As a consequence, numerous organizations fell victim to cyber threats exploiting these internet-connected file transfer services.
- Extortion Based Attacks Are Still Rampant
In 2023, there was a significant decrease in ransomware attacks on enterprises, extortion-based attacks remained a prominent driver of cybercrime, according to X-Force observations. The report highlights that these extortion-driven incidents, second only to data theft and leaks, were a prevalent and impactful trend in global incident response engagements conducted by X-Force during the year.
- Attackers Focus Is Slowly Shifting Towards Linux
In recent times, there has been a notable escalation in the targeting of Linux systems, underscoring the growing significance of securing such environments. The report emphasizes a rise in malicious activities directed at Linux, with malware developers actively crafting Linux-specific malware and adapting existing malware families for compatibility. This evolving threat landscape accentuates the crucial need for robust system hardening measures and vigilant monitoring to counteract potential malicious activities on Linux systems.
- Critical Infrastructure Is The Prime Target For Attackers
The X-Force 2024 Threat Intelligence Index discloses a troubling trend as nearly 70% of cyber attacks addressed by X-Force were directed at critical infrastructure organizations. This alarming finding underscores cybercriminals’ strategic focus on high-value targets, exploiting their need for uninterrupted operation.
The attackers leverage the crucial requirement for uptime, placing essential services at risk for various objectives, highlighting the evolving and sophisticated nature of cyber threats. As technology becomes increasingly integrated into daily life, the report emphasizes the urgent need for robust cybersecurity measures to protect the foundational pillars of our interconnected world.
Which is the most fascinating finding from IBM X-Force Threat Intelligence Index 2024? Share it with us in the comments section below.