Sweet New Threat Intel Just Dropped

John Hammond
29 Feb 2024 12:00

Summary

TLDR: In this informative video, cybersecurity expert John Hammond delves into the 2024 IBM Threat Intelligence Index, highlighting key findings and themes in the cybersecurity landscape. He explores initial access vectors, the rise of generative AI in cyber attacks, and the increasing focus on identity as a prime target for threat actors. Hammond emphasizes the observed 100% increase in certain attack techniques and a notable shift towards using valid credentials for breaches. Additionally, he touches on the decrease in ransomware incidents, underscoring the evolving nature of cyber threats and the importance of cybersecurity hygiene. The video promises further exploration and demos in future content, urging viewers to read the full report and attend an upcoming IBM webinar for deeper insights.

Takeaways

  • 💻 IBM's Threat Intelligence Index 2024 provides critical insights into cybersecurity threats, risks, and trends across the industry.
  • 🔑 Initial access vectors and cyber warfare, including the role of generative AI, are highlighted as significant areas of concern.
  • 📲 Identities are becoming prime targets for cyberattacks, emphasizing the shift from device-centric to identity-centric security approaches.
  • 💾 The report notes a 100% increase in Kerberoasting attacks, showcasing the ongoing relevance of older attack methods in the current cybersecurity landscape.
  • 🔮 Generative AI's impact on cybersecurity is explored, with its potential both as a tool for attackers and defenders being a point of discussion.
  • 🛡️ A significant year-over-year increase in the use of valid credentials for unauthorized access is reported, stressing the importance of strong authentication measures.
  • 🚨 A decrease in ransomware incidents is observed, suggesting improvements in defensive measures and response strategies.
  • 👉 Info stealer malware and security misconfigurations remain prevalent threats, with a notable increase in info stealer malware usage.
  • 📝 The importance of cybersecurity hygiene and best practices in preventing incidents is underscored, especially for protecting critical infrastructure.
  • 📱 The report provides detailed analyses of various attack vectors, including phishing, legitimate tool misuse, and web application vulnerabilities.

Q & A

  • What trends does the IBM Threat Intelligence Index cover?

    - The IBM Threat Intelligence Index covers industry trends across cyber threats, adversaries, threat actors, risks, and what businesses and organizations are seeing regarding cybersecurity.

  • Why are identities becoming a bigger target for cyber attacks?

    - Identities are becoming a bigger target because we now live in the cloud era where most of our access and applications are online. Attackers want to gain access through stolen credentials rather than exploit technical vulnerabilities.

  • What does the 100% increase in Kerberoasting attacks indicate?

    - The 100% increase in Kerberoasting attacks indicates that threat actors are aggressively targeting identities and credentials within Active Directory environments as an easy pathway to access.

  • Has generative AI been used in actual cyber attacks yet?

    - No, despite emerging AI-enabled threats, there has been no concrete evidence yet of generative AI-engineered cyber attacks or a rapid shift in how attackers operate.

  • Why has there been a drop in ransomware incidents?

    - The drop in ransomware is likely due to organizations improving their defenses and stopping attacks before ransomware can deploy. Also, more organizations are choosing not to pay ransoms.

  • What percentage of critical infrastructure incidents could have been prevented?

    - 84% of critical infrastructure incidents had an initial access vector that could have been mitigated, indicating poor cybersecurity practices.

  • What are the top initial access vectors for attacks?

    - The top vectors are valid accounts (30%), phishing (30%), public-facing application exploits (29%), and remote services (14%).

  • How are attackers bypassing multi-factor authentication?

    - Attackers are using man-in-the-middle attacks to intercept 2FA codes and bypass MFA protections during account takeovers.

  • What vulnerabilities are mentioned in the report?

    - Vulnerabilities mentioned include PrintNightmare, ProxyLogon, Spring4Shell, and open source web app risks like broken access controls.

  • How prevalent are discussions about AI in dark web forums?

    - IBM observed over 800,000 posts mentioning AI/GPT in illicit markets and dark web forums in 2023, indicating significant interest.
