Ransomware remains prominent, but if possible, hackers prefer to disguise themselves as regular employees. AI can lend them a hand in this.
This year’s Threat Intelligence Index report by IBM X-Force once again confirms that hackers prefer to walk in rather than break in. IBM has been warning for some time that hackers increasingly favor identity theft over ransomware. The study, based on thousands of incident response analyses, shows how attackers are increasingly gaining money and sensitive information through identity fraud and data theft, rather than encrypting systems.
Identity Theft Aided by AI
Identity theft made a comeback in 2024, with an 84% increase in the number of infostealer malware campaigns via email. This malware covertly forwards login credentials and other sensitive data to attackers. Once they have valid login information, they use it to gain access to corporate networks with little effort.
Valid accounts played a role in nearly a third of the incidents investigated. Their origin often lies in previous phishing campaigns or malware infections. The advantage valid login credentials offer attackers is that they can work subtly and unnoticed, ‘disguised’ as a legitimate employee.
AI is playing an increasingly important role in this, IBM notes. Attackers use generative AI to create convincing phishing emails and deepfakes, increasing the chances of successful attacks. AI is also used in writing malicious code and setting up fake phishing sites. This automated approach allows attackers to easily scale up their activities.
Ransomware Remains a Threat Despite Decline
When possible, attackers prefer to walk in, but if necessary, they’ll resort to using a crowbar. Ransomware accounts for 28 percent of malware cases. The total number of incidents has declined for the third consecutive year, although other figures contradict this, while the impact and complexity are increasing. Companies sometimes face multiple extortion techniques, where systems are not only encrypted, but data is also stolen and made public to increase pressure.
Furthermore, the report shows that 30 percent of attacks come through vulnerabilities in publicly accessible applications. Attackers then use automatic scans to move further through the network and exploit additional weaknesses.
No Plan
IBM sees the biggest risk in the lack of crisis plans at companies. Many organizations appear unprepared for large-scale attacks or incidents. According to IBM, rapid detection, zero-trust network architectures, and better management of identities and access are essential to increase resilience.
The cloud also remains a concern. Attackers are increasingly using cloud services to set up phishing campaigns, benefiting from the trust these platforms enjoy. This makes it more difficult for defenders to detect or block malicious campaigns in a timely manner.
With this report, IBM sends a clear signal: those who don’t take action in terms of identity management, vulnerabilities, and (AI) security are sitting ducks.