What new cyber tactics and statistics were observed and dissected in one cybersecurity firm’s regional customer base? Find out here…
Based on insights and observations from monitoring over 150bn security events per day in more than 130 countries, as well as additional data gathered and analyzed from multiple sources in threat intelligence networks, incident response operations, managed security services and subsidiary businesses, IBM has released some key 2023 findings for the Asia Pacific region (APAC).
First, in the 2023 data analyzed, APAC was the third most-targeted region, accounting for 23% of all incidents, with phishing (36%) and exploitation of public-facing applications (35%) as the most common initial access vectors.
Second, the data showed that cybercriminals saw more opportunities to “log in” with valid accounts instead of hacking into corporate networks, making this tactic a weapon of choice for threat actors in the incidents analyzed for the year.
Other findings
At the industry level, manufacturing was the highest-targeted vertical in APAC (46%), followed by the finance and insurance and the transportation industries, which tied for second place at 12%, and education in third place at 8%. Also:
- Phishing continued to be the top initial access vector in the region, with 36% of incidents in 2023, closely followed by exploitation of public-facing applications at 35%. The use of valid accounts, abuse of trusted relationships, and replication through removable media all tied for third with 12% of incidents analyzed.
- Malware was the most observed threat, representing 45% of attacks in APAC. Ransomware accounted for 17%, followed by info stealers (10%). Backdoor attacks, which accounted for 31% in 2022, fell sharply in the 2023 data, accounting for 3% of cases analyzed.
- Although generative AI is currently in its pre-mass market stage, enterprises should secure their AI models now, before cybercriminals scale up their activity. The trajectory suggested by the data is that, once market dominance is established in the generative AI field (where a single technology approaches 50% market share or the market consolidates to three or fewer technologies), cybercriminals will be mobilized to invest more in new tools that exploit AI as an attack surface.
- Enterprises should also recognize that their existing underlying infrastructure is a gateway to their AI models that does not require novel tactics from attackers to target. In the age of generative AI heading towards maturity, a holistic approach to security will be mandatory.
- Penetration testing metrics indicated that security misconfigurations accounted for 30% of total exposures identified, involving more than 140 ways that attackers can exploit misconfigurations.
- In some data sets, 92% of cybersecurity customers had at least one CVE with known exploits unaddressed in their environment at the time of scanning, while 80% of the top 10 vulnerabilities detected across systems in 2023 had been marked with a ‘High’ or ‘Critical’ CVSS base severity score.
- In other data sets, there was a 100% increase in “kerberoasting” attacks, wherein threat actors attempted to impersonate users to escalate privileges by abusing Microsoft Active Directory tickets.
According to Catherine Lian, General Manager/Technology Leader, IBM ASEAN: “AI-engineered attacks are receiving more attention due to the rise of generative AI in the current landscape, but the biggest security threat in APAC remains known unpatched vulnerabilities. Additional focus should also be placed on the region’s critical infrastructure and key industries such as manufacturing, finance and insurance, and transportation, with stress tests and well-prepared incident response plans in place. The exploitation of user identity is becoming a preferred weapon of choice for global threat actors, raising the need for more effective user access control strategies in the region, and prompting us to promote a holistic approach to security in the age of generative AI.”