The observed 71% surge in cyber threats targeting identities represented 30% of all incidents in 2023. The top outcome for criminals was data theft at 32%.
Now attackers abuse valid accounts to log in instead of hacking into business networks. This makes criminal reconnaissance, remote access, and data exfiltration easier as the traffic occurs from legitimate accounts.
The prominence of valid accounts as a preferred initial access technique among cybercriminals, tying at 30% with phishing for the first time. Also not surprising, human-crafted phishing emails are time intensive, requiring 16 hours to complete on average. Now with AI, criminals can craft a deceptive email in five minutes. Now that’s productivity!
Several threat groups that specialize in ransomware are migrating to infostealers, which helps explain the 266% year-over-year increase.
Recommendations:
- Implement MFA and robust password policies
- User training to identify fraud attempts through Microsoft 365
- Configure least privilege with identity and network segmentation
- Improve security configurations of web applications
- Methodical vulnerability management is a crucial aspect of proactive defense
- Harden Active Directory configurations
- Invest in continuous monitoring
- Design and test an incident response and recovery plan