Utility exploitation again in vogue, says IBM cyber unit
In a reversal of a long-standing development, researchers at IBM’s X-Drive risk intelligence unit say they’ve noticed a 44% enhance in cyber assaults that start with the exploitation of weak public-facing purposes, outpacing credential abuse by a big margin.
In recent times, a quip that runs alongside the traces of “attackers don’t hack the cloud, they log in” has turn into a preferred adage within the cyber neighborhood, reflecting a surge in assaults starting with phished or stolen credentials.
Logging in legitimately means risk actors should not have to burn precious hoarded zero days, and may get away with disguising their assaults as on a regular basis exercise, taking the trail of least resistance searching for a payday.
Though the misuse of legitimate accounts nonetheless accounted for just below a 3rd of the circumstances represented within the X-Drive information, the most recent report suggests the exploitation of vulnerabilities, which its researchers declare shaped the preliminary entry vector in 40% of incidents it tracked final yr, is seeing a renewed burst of enthusiasm amongst risk actors.
What’s extra, the group says synthetic intelligence (AI) instruments could also be driving this development by making it simpler for attackers to hunt out misconfigured, unprotected or weak purposes. They stated this highlights a crucial want for stronger entry controls, rigorous patching and safe deployment practices.
“Attackers aren’t reinventing playbooks, they’re dashing them up with AI,” stated Mark Hughes, IBM international managing accomplice for cyber safety companies.
“The core situation is similar: companies are overwhelmed by software program vulnerabilities. The distinction now could be pace. With so many vulnerabilities requiring no credentials, attackers can bypass people and transfer straight from scanning to impression.
“Safety leaders have to shift to a extra proactive method, utilizing agentic-powered risk detection and response to establish gaps and catch threats earlier than they escalate,” stated Hughes.
X-Drive stated its penetration checks nonetheless revealed “persistent weaknesses” in each software program configuration and credential hygiene, with misconfigured entry controls a typical entry level throughout the board.
AI is a multifaceted drawback for defenders
However that isn’t to say credential theft has diminished as an preliminary entry vector – certainly, the X-Drive report additionally recognized a rising id drawback round AI, significantly when it got here to among the extra common generative AI companies obtainable to the general public.
The researchers discovered that greater than 300,000 ChatGPT credentials have been uncovered in 2025 because of the usage of infostealer malware, a sign that the main AI platforms are topic to the identical ranges of danger as core enterprise software-as-a-service options.
Compromised AI chatbot credentials transcend merely accessing private accounts, the report stated – they are often additional abused to govern outputs, inject malicious prompts and, most worrying for enterprise safety groups, exfiltrate delicate information.
X-Drive stated this underscored a transparent want for safety leaders to evaluate their organisations’ AI use – significantly shadow use of public companies – and implement stricter insurance policies round it.
And customary with many different market observers – all of whom launch comparable reviews round this time yearly – the X-Drive unit additionally noticed a 49% enhance in lively ransomware teams in contrast with this time final yr, with many smaller, transient operators operating low-volume campaigns that complicate attribution considerably.
This development can also be being pushed partly by AI, which is more and more taking part in a peripheral position in automating ransomware operations, and looking out forward, X-Drive stated it anticipated ransomware gangs would give over extra duties, equivalent to reconnaissance and superior assaults, to maturing AI fashions.
