https://techmonitor.ai/technology/cybersecurity/valid-user-credentials-ibm

Cyberattacks using valid user credentials spiked by 71% in 2023, according to a study by IBM. According to the report by its security team X-Force, abuse of legitimate credentials constituted a third of all cyberattacks on enterprises. Additionally, cybercriminal groups that previously relied on ransomware for their ill-gotten gains were observed pivoting to infostealers. 

“While ‘security fundamentals’ doesn’t get as many head turns as ‘AI-engineered attacks,’ it remains [the case] that enterprises’ biggest security problem boils down to the basic and known – not the novel and unknown,” said the head of IBM X-Force, Charles Henderson. “Identity is being used against enterprises time and time again, a problem that will worsen as adversaries invest in AI to optimise the tactic.”