Identity comes under attack in Middle East and Africa, IBM report
Cybercriminals saw more opportunities to "log in" versus hack into corporate networks through valid accounts – making this tactic a preferred weapon of choice for threat actors across Middle East and Africa region (MEA). This is according to the 2024 X-Force Threat Intelligence Index released by IBM.
Saudi Arabia was the most targeted country in MEA, representing 40% of overall incidents that X-Force responded to in the region, followed by the United Arab Emirates (UAE) while made of 30% of incidents.
At the industry level, the most targeted sectors in the region were finance and insurance, making up 38% of incidents, followed by transportation and energy at 19% each.
The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries. In addition, data is gathered and analyzed from multiple sources within IBM, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, and data provided from Red Hat Insights and Intezer, which contributed to the 2024 report.
The report identifies crisis as cybercriminals double down on exploiting user identities to compromise enterprises worldwide, with the use of valid local accounts and valid cloud accounts, making up the primary cause of cyberattacks against organizations in the region, according to X-Force – highlighting the need for strong user access and control strategies by enterprises.
Exploiting valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the Dark Web today. The use of valid local accounts (52%) and valid cloud accounts (48%) represented the most commonly observed initial infection vectors in cyberattacks against organizations in the Middle East and Africa region, with espionage making up the top impact.
Globally, in 2023, X-Force saw attackers increasingly invest in operations to obtain users' identities – with a 266% uptick in infostealing malware, designed to steal personal identifiable information like emails, social media and messaging app credentials, banking details, crypto wallet data and more. In MEA, malware in general was the top action on objective that X-Force observed threat actors using, representing 50% of incidents. The use of malware was followed by DDoS, email threat hacking, server access and the use of legitimate tools for malicious purposes, all at 17%, respectively.
This "easy entry" for attackers is one that's harder to detect, eliciting a costly response from enterprises. According to X-Force, major incidents caused by attackers using valid accounts were associated to nearly 200% more complex response measures by security teams than the average incident – with defenders needing to distinguish between legitimate and malicious user activity on the network. In fact, IBM's 2023 Cost of a Data Breach Report found that breaches caused by stolen or compromised credentials required roughly 11 months to detect and recover from – the longest response lifecycle than any other infection vector.
Identity-based threats will likely continue to grow as adversaries leverage generative AI to optimize their attacks. Already in 2023, X-Force observed over 800,000 posts on AI and GPT across Dark Web forums, reaffirming these innovations have caught cybercriminals attention and interest.
"The rising threats to user identities pose a major security risk in the region. In today's digital landscape, where we live, work, and engage with one another online, safeguarding sensitive information demands proactive measures,” said Babacar Kane, General Manager and Technology Leader of IBM Africa Growth Markets.
“As threat actors start to look to AI to optimize their attacks, embracing AI-powered solutions isn't just a choice anymore but a necessity to fortify organizations against evolving cyber threats that will scale . Partnering with the right technology provider ensures businesses remain ahead of the curve, fostering resilience and trust in their operations while propelling the region’s economic prospects."
