IBM: Identity-related cyberattacks spiked in 2023

Zach Russell

Cybercriminals seized on stealing identity in 2023, presenting a growing problem for retailers as online shopping habits continue to grow.

According to IBM’s annual X-Force Threat Intelligence Survey of over 150 billion security events, retail was the fifth-most targeted industry last year, accounting for 10.7% of all cyberattacks among the top 10 industries, up from 8.7% in 2022. X-Force saw attackers increasingly invest in operations to obtain users' identities – with a 266% uptick in info-stealing malware, designed to steal personally identifiable information like emails, social media and messaging app credentials, banking details, crypto wallet data and more. Overall, there was a 71% spike in cyberattacks caused by exploiting identity in 2023.

In nearly 85% of attacks on critical sectors, IBM says that compromised data could have been mitigated with patching, multi-factor authentication, or least-privilege principles, showing that what the security industry historically described as "basic security" may be harder to achieve than portrayed.

"While 'security fundamentals' doesn't get as many head turns as 'AI-engineered attacks,' it remains that enterprises' biggest security problem boils down to the basic and known – not the novel and unknown," said Charles Henderson, global managing partner, IBM Consulting, and head of IBM X-Force. "Identity is being used against enterprises time and time again, a problem that will worsen as adversaries invest in AI to optimize the tactic."

Worldwide, nearly 70% of attacks that X-Force responded to were against critical infrastructure organizations, showing that cybercriminals are wagering on these high-value targets' need for uptime to advance their objectives. Nearly nine in 10 (85%) of the attacks that X-Force responded to in this sector were caused by exploiting public-facing applications, phishing emails, and the use of valid accounts.

Other findings from the survey include the following:

  • Europe – adversaries' preferred target: Nearly one in three attacks observed worldwide targeted Europe, with the region also experiencing the most ransomware attacks globally (26%).
  • Where did all the phish go? Despite remaining a top infection vector, phishing attacks saw a 44% decrease in volume from 2022. However, with AI poised to optimize this attack and X-Force research indicating that AI can speed up attacks by nearly two days, IBM says the infection vector will remain a preferred choice for cybercriminals.
  • Everyone is vulnerable: Red Hat Insights found that 92% of customers have at least one CVE with known exploits unaddressed in their environment at the time of scanning, while 80% of the top ten vulnerabilities detected across systems in 2023 were given a 'High' or 'Critical' CVSS base severity score.
  • "Kerberoasting" pays off: X-Force observed a 100% increase in "kerberoasting" attacks, in which attackers attempt to impersonate users to escalate privileges by abusing Microsoft Active Directory tickets.
  • Security misconfigurations: X-Force Red penetration testing engagements indicate that security misconfigurations accounted for 30% of total exposures identified, with more than 140 ways observed that attackers can exploit misconfigurations.