Identity Compromises Surge as Top Initial Access Method for Cybercriminals

According to a new report from IBM X-Force Threat Intelligence, valid accounts made up 30% of total initial access vectors employed by actors in 2023. Phishing also accounted for 30% but researchers note a 11% drop compared to 2022. When it comes to valid accounts, there are several ways actors are getting a hold of such credentials. This includes buying credentials and databases from previous data breaches, which are typically sold on the dark web. Threat actors are also employing malware such as info stealers to exfiltrate personal and enterprise credentials as well as other personally identifiable information which can be used to launch successful attacks.

Security Officer Comments:
In light of the increase in abuse of valid accounts for initial access to victim environments, IBM emphasized the need to streamline identity management through a unified Identity and Access Management (IAM) provider and strengthen legacy applications with modern security protocols. IBM also notes the importance of regularly performing stress tests against systems to uncover potential weaknesses including the use of default passwords and lack of multi-factor authentication.