February 28, 2024 By Andy Piazza 2 min read

In this year’s IBM X-Force Threat Intelligence Index, our annual report of cybersecurity trends, we observed a pronounced surge in cyber threats targeting identities. Cybercriminals leveraged stolen credentials in 30% of the investigations X-Force responded to in 2023, a 71% increase compared to the previous year. Let’s take a look at some of the key findings from this year’s report.

There are several ways that cybercriminals obtain valid credentials to use in breaches. In 2023, one of the more notable ways was infostealer malware—we saw a 266% surge in infostealing malware activity. This heavy focus suggests that threat actors have revalued credentials as a reliable and preferred initial access vector.

In parallel with this increased targeting of valid credentials, we observed a 72% decline in zero-day exploits in 2023 compared to 2022. This decrease likely indicates attackers are invested in finding less resource-intensive methods for initial access. Rather than investing countless hours to identify unknown vulnerabilities and then writing and testing custom exploits, threat actors seem focused on attacking credentials and known vulnerabilities.

The abuse of valid credentials by threat actors presents unique challenges and risks for defenders, especially when those credentials are compromised on non-enterprise devices, outside of the visibility of an organization’s security team. When a threat actor is able to obtain credentials externally, defenders lose visibility on a critical phase of the attack lifecycle, and detecting the malicious use of valid credentials is much harder than detecting malware, exploitation of vulnerable systems, or password attacks.

These challenges are why it is critical for organizations to enforce multi-factor authentication for all accounts, strengthen their IAM systems, and stress-test their environments. We need to increase the cost to threat actors, render stolen credentials useless, and give defenders greater visibility into credential use so they can monitor and respond effectively.

After all, why hack in when I can simply log in?

Learn more in the X-Force Threat Intelligence Index

The X-Force Threat Intelligence Index offers our unique insights to IBM clients, researchers in the security industry, policymakers, the media and the broader community of security professionals and business leaders.

Discover more in the report about the threat landscape and latest cybersecurity trends:

  • Analysis of the top initial access vectors, top attacker actions on objective, and top impacts to organizations
  • Geographic and industry trends
  • Recommendations on how organizations should respond and where to start

Download the report and sign up to attend a webcast for a panel discussion with Kevin Albano, associate partner of IBM X-Force, and Ryan Leszczynski, a supervisory special agent in the FBI Cyber Division. They’ll offer a detailed explanation of the findings and what they mean for organizations defending against threats.
