February 21, 2024

Massive spike in cyberattacks using valid user credentials

Breaches against enterprises using valid user credentials rose by 71% year-on-year in 2023, says a new study by IBM. 

By Greg Noone

Cyberattacks using valid user credentials spiked by 71% in 2023, according to a study by IBM. According to the report by its security team X-Force, abuse of legitimate credentials constituted a third of all cyberattacks on enterprises. Additionally, cybercriminal groups that previously relied on ransomware for their ill-gotten gains were observed pivoting to infostealers. 

“While ‘security fundamentals’ doesn’t get as many head turns as ‘AI-engineered attacks,’ it remains [the case] that enterprises’ biggest security problem boils down to the basic and known – not the novel and unknown,” said the head of IBM X-Force, Charles Henderson. “Identity is being used against enterprises time and time again, a problem that will worsen as adversaries invest in AI to optimise the tactic.”

Cybercriminals are increasingly predisposed to attacks that allow them to simply breeze past corporate cybersecurity by logging into systems using valid user credentials over and above hacking into them. (Photo by Antonov Roman / Shutterstock)

Abusing valid user credentials more expedient for hackers

X-Force also observed a 266% year-on-year uptick in the deployment of infostealing malware. Such programs are used to steal data like bank details, email and home addresses, and phone numbers. Used intelligently, infostealing malware can be used to reconstruct a legitimate identity and spoof corporate cybersecurity measures primarily designed to look out for misaligned credentials. According to the study, these attacks often necessitated much more complex responses by defenders and, according to IBM’s previous ‘Cost of a Data Breach’ report, required an average of 11 months to detect and recover from.

Critical national infrastructure (CNI) appears to be especially vulnerable to these types of cyberattacks. Last year, 85% of the attacks X-Force detected against CNI originated from phishing emails, the exploitation of public-facing applications, and the use of legitimate credentials to simply log into systems. Instances of so-called “kerberoasting” attacks, which involve attackers impersonating users and convincing IT security teams to escalate their privileges, also rose by 100%.

Generative AI set to widen cybersecurity threat

Generative AI will only exacerbate the infostealing threat, said IBM, arguing that once the market for the technology has consolidated to three or fewer products, “it could trigger the maturity of AI as an attack surface, mobilizing further investment in new tools from cybercriminals.”

For the moment, however, the study advised that companies should look to shoring up their cyber-defences against more basic threats. Up to 85% of attacks on critical sectors, said IBM, could have been mitigated with the effective implementation of protocols like multi-factor authentication, the imposition of least-privilege principles, or simply by patching more regularly.

News that cybercriminals increasingly favour abusing valid user credentials to attack corporations over and above hacking into their systems does not surprise ESET’s Jake Moore. “Cybercriminals often log into networks as part of their reconnaissance and research into a potential target company,” Moore told Tech Monitor. “By not immediately stealing or causing visible damage, they aim to remain undetected for as long as possible, increasing their chances of success in subsequent malicious activities. Moreover, doubled up with the latest AI-aided attacks, such threats are becoming more powerful yet timely. It is clear that optimisation and timing are key to remaining under the radar for as long as possible in carrying out such targeted attacks.”
