February 21, 2024 at 03:23AM
Identity-related threats, such as stolen credentials, pose a growing risk to network security. IBM X-Force and CrowdStrike report a significant increase in cyber attacks using legitimate credentials, with compromised cloud account credentials predominating. Meanwhile, phishing remained a leading initial access vector. Adversaries target identities as the easiest and fastest way into organizations.
The key takeaways are:
1. Identity-related threats, including the abuse of valid credentials, phishing, and targeting of API keys and secrets, pose a significant and increasing risk to network security.
2. In 2023, IBM X-Force reported a 71 percent year-over-year increase in attacks using valid credentials, which accounted for 30 percent of all incidents it responded to. Cloud account credentials make up 90 percent of for-sale cloud assets on the dark web.
3. Phishing, also at 30 percent, tied with valid account abuse as the top initial access vector in 2023. However, the overall volume of phishing attacks was down 44 percent compared to 2022, partly due to the use of valid credentials for initial access.
4. CrowdStrike also observed an uptick in identity-related threats, with attackers targeting API keys, session cookies, tokens, and other legitimate user credentials, aiming to blend in with legitimate behavior and evade detection.
5. Scattered Spider, a US- and UK-based crew, proved adept at identity-based attacks, using SMS and voice phishing, as well as SIM swapping scams, to harvest credentials for network intrusions and extortion attacks.
6. Nation-state-linked attackers, such as Cozy Bear, were also noted conducting identity-based attacks, including credential phishing campaigns that used Microsoft Teams messages to steal MFA tokens for Microsoft 365 accounts.
These takeaways emphasize the critical need for organizations to prioritize identity security and the mitigation of identity-based threats, as these attacks continue to be a significant challenge across the cybersecurity landscape.