New research from IBM has found that cyber attackers are using real accounts to gain access to IT systems and websites, instead of hacking into the system. This ‘path of least resistance’ means this method has seen an increase by a huge 71%, from the previous year. The report found that 50% of cyber attacks in the UK now involved the use of valid existing accounts.
The data from IBM’s X-Force Threat Intelligence Index explained that there are billions of account log in details, that have previously been hacked or stolen via malware, available to buy on the Dark Web, which are then being used by criminals to access accounts. Europe is the most targeted global region of 2023.
In 2023, IBM’s X-Force observed a 266% increase in infostealing malware, which is designed to steal personal and enterprise credentials, personally identifiable information, and banking and crypto wallet information. In addition to this, data theft and leak incidents rose by a third (32%) in 2023.
Interestingly, the report also found that 84% of critical infrastructure incidents could have been avoided with cyber security best practice.
This shows why creating secure passwords, as well as good password management within teams and businesses, is extraordinarily important. Being negligent in this area of cyber security can have a huge knock-on effect in terms of larger cyber breaches.
DI Dan Giannasi, head of cyber and innovation at the NWCRC, said: “This is a very interesting but also highly worrying report from IBM, and it shows just how vital basic cyber security hygiene is for individuals and small businesses.
“Cyber criminals are now preferring to use real people’s accounts, the details of which can be bought and sold online from huge data breaches, in order to compromise businesses online.
“Our advice is always that small businesses need to take password management and online account security very very seriously.
“This means choosing a secure and hard to guess password, updating it regularly and when prompted, as well as updating software when prompted.
“A good way of choosing a unique and secure password is the ‘three random words’ advice from the NCSC, which means selecting three completely different words, which make the password longer and stronger, and therefore much harder to hack.”
The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries.
