APAC accounts for one in five cybersecurity incidents: IBM

Asia-Pacific was the third most-targeted geography in 2023, accounting for 23% of all cybersecurity incidents, according to IBM’s 2024 X-Force Threat Intelligence Index. IBM X-Force is IBM Consulting’s offensive and defensive security services arm. 

Phishing (36%) and exploitation of public-facing applications (35%) were the most common initial access vectors observed in the region.

The study also found that cybercriminals saw more opportunities to "log in" through valid accounts instead of hacking into corporate networks, making this tactic a preferred weapon of choice for threat actors.

“‘AI-engineered attacks’ are receiving more attention due to the rise of generative AI in the current landscape, but the biggest security threat in Asia Pacific remains known unpatched vulnerabilities. Additional focus should also be placed on the region’s critical infrastructure and key industries such as manufacturing, finance and insurance, and transportation, with stress tests and well-prepared incident response plans in place,” said Catherine Lian, GM & Technology Leader, IBM ASEAN. 

“The exploitation of user identity is becoming a preferred weapon of choice for global threat actors, raising the need for more effective user access control strategies in the region, and prompting us to promote a holistic approach to security in the age of generative AI.”

Other findings from the Asia Pacific region include: 

- Cybercriminals continue to target manufacturers from the Asia Pacific region for the second year running, accounting for 46% of all incidents reported. At the industry level, manufacturing was the highest-targeted vertical in the region (46%), followed by the finance and insurance and transportation industries, which tied for second place at 12%, and education in third at 8%.

- Phishing continues to be the top initial access vector in the region, with 36% of incidents in 2023, closely followed by exploitation of public-facing applications at 35%. The use of valid accounts, abuse of trusted relationships, and replication through removable media all tied for third with 12% of incidents observed.

- Malware was the most observed action, representing 45% of attacks in Asia Pacific. Ransomware accounted for 17%, followed by info stealers (10%). Backdoor attacks, which accounted for 31% in 2022, fell sharply, accounting for 3% of cases in 2023.

- The most common impacts observed in attacks on the region were brand reputation and data theft at 27% each. Extortion, data destruction and data leak accounted for 20% of all incidents.

Global trends found included:

An identity crisis

Exploiting valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the dark web today. In 2023, X-Force saw attackers increasingly invest in operations to obtain users’ identities globally – with a 266% uptick in infostealing malware, designed to steal personally identifiable information like emails, social media and messaging app credentials, banking details, crypto wallet data and more.

This “easy entry” for attackers is one that’s harder to detect, eliciting a costly response from enterprises. According to X-Force, major incidents caused by attackers using valid accounts were associated with nearly 200% more complex response measures by security teams than the average incident – with defenders needing to distinguish between legitimate and malicious user activity on the network.

In fact, IBM’s 2023 Cost of a Data Breach Report found that breaches caused by stolen or compromised credentials required roughly 11 months to detect and recover from – the longest response lifecycle of any infection vector.

This wide reach into users’ online activity was evident in the FBI and European law enforcement’s April 2023 takedown of a global cybercrime forum that collected the login details of more than 80 million user accounts. 

Identity-based threats will likely continue to grow as adversaries leverage generative AI to optimise their attacks. In 2023, X-Force observed over 800,000 posts on AI and GPT across dark web forums, reaffirming these innovations have caught cybercriminals' attention and interest.

Intrusions on critical infrastructure

Worldwide, nearly 70% of attacks that X-Force responded to were against critical infrastructure organisations, highlighting that cybercriminals are wagering on these high value targets' need for uptime to advance their objectives.

Nearly 85% of attacks that X-Force responded to on this sector were caused by exploiting public-facing applications, phishing emails, and the use of valid accounts. The latter poses an increased risk to the sector, with DHS CISA stating that the majority of successful attacks on government agencies, critical infrastructure organisations and state-level government bodies in 2022 involved the use of valid accounts. This highlights the need for these organisations to frequently stress test their environments for potential exposures and develop incident response plans.

Securing generative AI

For cybercriminals to see ROI from their campaigns, the technologies they target must be ubiquitous across most organisations worldwide. Just as past technological enablers fostered cybercriminal activities – as observed with ransomware and Windows Server's market dominance, business email compromise (BEC) scams and Microsoft 365 dominance, or cryptojacking and the infrastructure-as-a-service market consolidation – this pattern will most likely extend across AI.

X-Force assessed that once generative AI market dominance is established – where a single technology approaches 50% market share or when the market consolidates to three or fewer technologies – it could trigger the maturity of AI as an attack surface, mobilising further investment in new tools from cybercriminals.

Although generative AI is currently in its pre-mass market stage, it's paramount that enterprises secure their AI models before cybercriminals scale their activity, IBM said. Enterprises should also recognise that their existing underlying infrastructure is a gateway to their AI models that doesn't require novel tactics from attackers to target – highlighting the need for a holistic approach to security in the age of generative AI, as outlined in the IBM Framework for Securing Generative AI.

Everyone is vulnerable – Red Hat Insights found that 92% of customers have at least one Common Vulnerabilities and Exposures (CVE) entry with known exploits unaddressed in their environment at the time of scanning, while 80% of the top ten vulnerabilities detected across systems in 2023 were given a ‘High’ or ‘Critical’ Common Vulnerability Scoring System (CVSS) base severity score.

“Kerberoasting” pays off – X-Force observed a 100% increase in “kerberoasting” attacks, wherein attackers attempt to impersonate users to escalate privileges by abusing Microsoft Active Directory tickets.

Security misconfigurations – X-Force Red penetration testing engagements indicate that security misconfigurations accounted for 30% of total exposures identified, with more than 140 ways observed that attackers can exploit misconfigurations.

Explore

Download the 2024 X-Force Threat Intelligence Index at https://www.ibm.com/account/reg/us-en/signup?formid=urx-52629

*The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries. In addition, data is gathered and analysed from multiple sources within IBM, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, and data provided from Red Hat Insights and Intezer, which contributed to the 2024 report.
