According to a recent threat report by Expel, identity-based incidents accounted for 64% of all incidents investigated, a volume increase of 144% from 2022 to 2023. Sixty-nine percent of identity-based incidents involved malicious logins from suspicious infrastructure.

Cloud infrastructure incidents are trending up, with exposure of secrets (stolen or leaked credentials) as the biggest and most frequent risk. The report found a 72% increase in cloud infrastructure incidents. Ninety-six percent of those incidents occurred in Amazon Web Services (AWS), and the remaining 4% were split evenly between Google Cloud Platform (GCP) and Microsoft Azure.

More than half of all malware incidents presented an immediate, significant risk. Pre-ransomware accounted for 57% of the malware incidents. The report also found a rise in the abuse of QR codes for phishing in 2023. With a URL, a user can visit the malicious domain using the org’s endpoint, giving operators the opportunity to block connections using multiple technologies. With a QR code, however, the activity moves off the workstation and onto the user’s mobile device.
