World
Identify theft spikes with use of AI
Call it a global identity crisis.
A new report says cybercriminals are doubling down on stealing your personal information for use in attacks on corporate networks.
How many times have you been notified by a company that your personal information has been compromised in a security breach, or been warned by your phone’s security that a saved password was involved in a cyber incident and should be changed?
The latest online threat index from IBM says identity theft has become the tactic of choice for cybercriminals who see more opportunities to log in to corporate networks using stolen credentials for valid accounts, versus hacking in.
“Exploiting valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the Dark Web today.” an excerpt from IBM’s latest X-Force Threat Intelligence Index explained.
“In 2023, X-Force saw attackers increasingly invest in operations to obtain users’ identities – with a 266% uptick in info stealing malware, designed to steal personal identifiable information like emails, social media and messaging app credentials, banking details, crypto wallet data and more. This ‘easy entry’ for attackers is one that’s harder to detect.”
Those compromised credentials have fueled a 71 per cent spike in cyberattacks caused by exploiting identity, which are also harder for corporate security teams to detect — defenders need to distinguish between legitimate and malicious user activity on a network.
And IBM says the identity theft crisis is poised to worsen.
“Identity-based threats will likely continue to grow as adversaries leverage generative AI to optimize their attacks. Already in 2023, X-Force observed over 800,000 posts on AI and GPT across Dark Web forums, reaffirming these innovations have caught cybercriminals attention and interest,” the report said.
However, authorities have made some progress.
“This wide reach into users’ online activity was evident in the FBI and European law enforcement’s April 2023 takedown of a global cybercrime forum that collected the login details of more than 80 million user accounts.”
That bust disabled Genesis Market, a criminal online marketplace that advertised and sold packages of account access credentials that had been stolen from malware-infected computers around the world.