Cybercriminals intensify attack on user identities, firms’ database


IBM has said that identity management has come under severe attacks in the Middle East and Africa (MEA), which has strained enterprises’ breach recovery time.
   
In its 2024 X-Force Threat Intelligence Index, IBM highlighted an emerging global identity crisis as cybercriminals double down on exploiting user identities to compromise enterprises worldwide.
   
IBM said this global trend is also reflected in MEA, with the use of valid local accounts and valid cloud accounts making up the primary cause of cyberattacks against organisations in the region, according to X-Force – highlighting the need for strong user access and control strategies by enterprises.
    
According to IBM X-Force, IBM Consulting’s offensive and defensive security services arm, in 2023, cybercriminals saw more opportunities to “log in” versus hack into corporate networks through valid accounts – making this tactic a preferred weapon of choice for threat actors.
    
It revealed that Saudi Arabia was the most targeted country in MEA, representing 40 per cent of overall incidents that X-Force responded to in the region, followed by the United Arab Emirates (UAE) which made up 30 per cent of incidents. At the industry level, the most targeted sectors in the region were finance and insurance, making up 38 per cent of incidents, followed by transportation and energy at 19 per cent each.
     
The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries. In addition, data is gathered and analyzed from multiple sources within IBM, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, and data provided from Red Hat Insights and Intezer, which contributed to the 2024 report.
  
The technology firm noted that exploiting valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the Dark Web today. The use of valid local accounts (52 per cent) and valid cloud accounts (48 per cent) represented the most commonly observed initial infection vectors in cyberattacks against organisations in the Middle East and Africa region, with espionage making up the top impact.
    
Globally, in 2023, X-Force saw attackers increasingly invest in operations to obtain users’ identities – with a 266 per cent uptick in infostealing malware, designed to steal personally identifiable information like emails, social media and messaging app credentials, banking details, crypto wallet data and more.
    
In MEA, malware in general was the top action on objective that X-Force observed threat actors using, representing 50 per cent of incidents. The use of malware was followed by DDoS, email thread hijacking, server access and the use of legitimate tools for malicious purposes, each at 17 per cent.
   
According to IBM, this “easy entry” for attackers is harder to detect, eliciting a costly response from enterprises. X-Force noted that major incidents caused by attackers using valid accounts were associated with nearly 200 per cent more complex response measures by security teams than the average incident – with defenders needing to distinguish between legitimate and malicious user activity on the network.
   
IBM’s 2023 Cost of a Data Breach Report found that breaches caused by stolen or compromised credentials required roughly 11 months to detect and recover from – the longest response lifecycle of any infection vector.
    
Identity-based threats will likely continue to grow as adversaries leverage generative AI to optimize their attacks. Already in 2023, X-Force observed over 800,000 posts on AI and GPT across Dark Web forums, reaffirming these innovations have caught cybercriminals’ attention and interest.
     
General Manager and Technology Leader, IBM Africa Growth Markets, Babacar Kane, said: “The rising threats to user identities pose a major security risk in the region. In today’s digital landscape, where we live, work, and engage with one another online, safeguarding sensitive information demands proactive measures.
   
“As threat actors start to look to AI to optimize their attacks, embracing AI-powered solutions isn’t just a choice anymore but a necessity to fortify organizations against evolving cyber threats that will scale. Partnering with the right technology provider ensures businesses remain ahead of the curve, fostering resilience and trust in their operations while propelling the region’s economic prospects.”
    
To help protect organisations against evolving cyber threats, X-Force recommended, among other measures, reducing blast radius, stress-testing environments, having a plan and adopting AI securely.
     
IBM said organisations should consider implementing solutions to reduce the damage that a data security incident could potentially cause by reducing the incident’s blast radius – namely the potential impact of an incident given the compromise of particular users, devices, or data.
    
IBM recommended hiring hackers to stress test your environment and identify the existing cracks that cybercriminals could exploit to gain access to your network and carry out attacks. Having incident response plans that are customised for your environment is also key to reducing the time to respond, remediate and recover from an attack. Those plans should be regularly drilled and include a cross-organisational response, incorporate stakeholders outside of IT and test lines of communication between technical teams and senior leadership.
   
