IBM annual X-Force report: Cybercriminals increasingly exploit legitimate user identities

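The X-Force report found that cybercriminals are finding more opportunities to log in to corporate networks through valid accounts rather than hack into them. Logically, accessing an account without needing to hack it is much easier than hacking it. The report notes that obtaining credentials is the preferred choice of threat actors.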

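IBM's annual X-Force Threat Intelligence Index, released today, highlights a worsening global identity crisis as cybercriminals continue to compromise users worldwide.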

Based on insights and observations from over 150 billion security events tracked daily across IBM, Red Hat and Intezer, the report found that cybercriminals are finding more opportunities to log in to corporate networks through valid accounts rather than hack into them. Logically, being able to access an account without needing to hack it is a lot easier than hacking it, and the report noted that obtaining credentials is the preferred choice of threat actors.

How much threat actors want login credentials is reflected in IBM's finding that there was a 266% uptick in infostealing malware in 2023. Infostealing malware, as the name suggests, is designed to steal personally identifiable information such as emails, social media and messaging app credentials, banking details and crypto wallet data.

The “easy entry” path, as the report refers to it, is one that’s harder to detect. According to X-Force, major incidents caused by attackers using valid accounts were associated with nearly 200% more complex response measures by security teams than the average incident – with defenders needing to distinguish between legitimate and malicious user activity on the network.

Malicious actors and threat groups were also found to be fond of targeting critical infrastructure organizations, with 70% of attacks that X-Force responded to last year being against high-value infrastructure targets. Nearly 85% of attacks that X-Force responded to in the sector were caused by exploiting public-facing applications, phishing emails and the use of valid accounts.

Artificial intelligence was the talk of the tech world in 2023, and so too was it for cybercriminals, with the report explaining that cybercriminals are now exploiting AI to improve their returns on investment.

The report argues that just as ransomware followed Windows Server’s market dominance, business email compromise scams rose in prominence with Microsoft 365, and cryptojacking came to the fore with the infrastructure-as-a-service market consolidation, the pattern will likely extend to AI.

X-Force makes the bold claim that once generative AI market dominance is established – “where a single technology approaches 50% market share or when the market consolidates to three or less technologies” — there could be a similar maturing of AI as an attack surface used by cybercriminals. Now is the time for enterprises to secure their AI models before cybercriminals scale up their activity, it says.

Other findings in the report include that adversaries favor Europe, with nearly one in three attacks last year targeting European nations. Surprisingly, X-Force found that the number of phishing attacks decreased by 44% last year from 2022, but that could change given that AI can now speed up attacks.

Source: 至顶网 Network and Security Channel

2024/02/22 17:33
