There is a global identity crisis emerging as cybercriminals double down on exploiting user identities to compromise enterprises worldwide, according to IBM’s latest 2024 X-Force Threat Intelligence Index, and the MEA (Middle East and Africa) region is no exception.

The latest report says that the use of valid local accounts and valid cloud accounts is the primary cause of cyberattacks against organisations in the region, highlighting the need for strong user access and control strategies by enterprises.

According to IBM X-Force, cybercriminals saw more opportunities in 2023 to “log in” versus hack into corporate networks through valid accounts – making this tactic a preferred weapon of choice for threat actors. Saudi Arabia was the most targeted country in MEA, representing 40% of overall incidents that X-Force responded to in the region, followed by the United Arab Emirates (UAE) with 30% of incidents.

At the industry level, the most targeted sectors in the region were finance and insurance, making up 38% of incidents, followed by transportation and energy at 19% each.

The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries. In addition, data is gathered and analysed from multiple sources within IBM, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red and IBM Managed Security Service, as well as data provided by Red Hat Insights and Intezer, which contributed to the 2024 report.

Identity crisis poised to worsen in the region

Exploiting valid accounts has become the path of least resistance for cybercriminals with billions of compromised credentials accessible on the dark web today. The use of valid local accounts (52%) and valid cloud accounts (48%) represented the most commonly observed initial infection vectors in cyberattacks against organisations in the MEA region, with espionage making up the top impact.

Globally in 2023, X-Force saw attackers increasingly invest in operations to obtain users’ identities – with a 266% uptick in infostealing malware designed to steal personally identifiable information like emails, social media and messaging app credentials, banking details, crypto wallet data and more.

In MEA, malware in general was the top action on objective that X-Force observed threat actors using, representing 50% of incidents. The use of malware was followed by DDoS, email threat hacking, server access and the use of legitimate tools for malicious purposes, each at 17%.

This “easy entry” for attackers is one that’s harder to detect, eliciting a costly response from enterprises. According to X-Force, major incidents caused by attackers using valid accounts were associated with nearly 200% more complex response measures by security teams than the average incident – with defenders needing to distinguish between legitimate and malicious user activity on the network.

In fact, IBM’s 2023 Cost of a Data Breach Report found that breaches caused by stolen or compromised credentials required roughly 11 months to detect and recover from – the longest response lifecycle of any infection vector.

Identity-based threats will likely continue to grow as adversaries leverage generative AI to optimise their attacks. Already in 2023, X-Force observed over 800 000 posts on AI and GPT across dark web forums, reaffirming that these innovations have caught cybercriminals’ attention and interest.

“The rising threats to user identities pose a major security risk in the region,” says Babacar Kane, GM and technology leader of IBM Africa Growth Markets. “In today’s digital landscape where we live, work, and engage with one another online, safeguarding sensitive information demands proactive measures.

“As threat actors start to look to AI to optimise their attacks, embracing AI-powered solutions isn’t just a choice anymore, but a necessity to fortify organisations against evolving cyberthreats that will scale.

“Partnering with the right technology provider ensures businesses remain ahead of the curve, fostering resilience and trust in their operations while propelling the region’s economic prospects,” Kane says.

To help protect organisations against evolving cyberthreats, the X-Force report makes the following recommendations:

* Reduce blast radius – Organisations should consider implementing solutions to reduce the damage that a data security incident could potentially cause by reducing the incident’s blast radius – namely, the potential impact of an incident given the compromise of particular users, devices, or data. This could include implementing a least-privilege framework, network segmentation and an identity fabric that extends modern security and detection and response capabilities to outdated applications and systems.

* Stress-test your environments and have a plan – Hire hackers to stress-test your environment and identify the existing cracks that cybercriminals could exploit to gain access to your network and carry out attacks. Having incident response plans that are customised for your environment is also key to reducing the time to respond, remediate, and recover from an attack. Those plans should be regularly drilled and include a cross-organisational response, incorporate stakeholders outside of IT, and test lines of communication between technical teams and senior leadership.

* Adopt AI securely – Organisations should focus on the following key tenets to secure their AI adoption: secure the underlying AI training data, secure the models, and secure the use and inferencing of the models. It’s paramount to also secure the broader infrastructure surrounding AI models. IBM recently introduced a comprehensive Framework for Securing Generative AI to help organisations prioritise defences based on highest risk and potential impact.