LONDON, UK, Feb 21, 2024 IBM today released the 2024 X-Force Threat Intelligence Index highlighting an emerging global crisis as cybercriminals double down on exploiting user identities to compromise enterprises.
According to IBM X-Force, IBM Consulting's security services arm, cybercriminals last year generated more opportunities to log in to corporate networks through valid accounts, instead of hacking into them making this tactic a preferred weapon of choice for threat actors.
The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries. In addition, data is gathered and analysed from multiple sources within IBM, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, and data provided from Red Hat Insights and Intezer , which contributed to the 2024 report.
An emerging identity crisis
The report data revealed that exploiting valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the Dark Web.
According to the report, 50% of cyberattacks in the UK involved the exploitation of valid accounts as the initial access vector' and a further 25% of cases involved the exploitation of public-facing applications. Across Europe, X-Force observed a 66% year-on-year rise in attacks caused by the use of valid accounts contributing to Europe's prevalence as the most targeted region of 2023 and the record number of attacks that X-Force has ever reported regionally.
The criminal ecosystem was also quick to adapt to the use of valid accounts by attackers. In 2023, X-Force observed a 266% increase in infostealing malware, which is designed to steal personal and enterprise credentials, personally identifiable information, and banking and crypto wallet information.
This easy entry for attackers is harder to detect, eliciting a costly response from enterprises. According to X-Force, worldwide, major incidents caused by attackers using valid accounts were linked to nearly 200% more complex response measures by security teams than the average incident with defenders needing to distinguish between legitimate and malicious user activity on the network.
In fact, IBM's 2023 Cost of a Data Breach Report found that breaches caused by stolen or compromised credentials required roughly 11 months from detection to recovery the longest response lifecycle among all infection vectors.
Martin Borrett, Technical Director, IBM Security, UK, and Ireland (UKI) commented:
Our findings reveal that identity is increasingly being weaponised against enterprises, exploiting valid accounts and compromising credentials. It also shows us that the biggest security concern for enterprises stems not from novel or cryptic threats, but from well-known and existing ones.
Addressing cybersecurity challenges requires a strategic approach, emphasising the reinforcement of foundational security measures. Streamlining identity management through a unified Identity and Access Management (IAM) provider and strengthening legacy applications with modern security protocols are crucial steps in mitigating risks. Additionally, subjecting your system to rigorous stress tests by skilled offensive security teams proves invaluable in uncovering potential weaknesses. This insight is pivotal for crafting a robust incident response plan that engages all teams, from IT professionals to C-suite executives.
Julian David, CEO of techUK, added:
In an era marked by the growing sophistication of cybercriminals who exploit legitimate accounts to breach business defences, IBM's X-Force Threat Intelligence Index serves as a stark wake-up call.
The report underscores a troubling pattern where half of the cyberattacks in the UK rely on legitimate accounts for initial access, presenting significant challenges to businesses' recovery endeavours. To effectively combat this threat, businesses must adopt a strategic approach, integrating modern security protocols to mitigate risks and strengthen their defences against the ever-evolving landscape of cyber threats.
Further key UK findings include:
Malware made up 30% of security incidents observed in the UK.
Ransomware (30%) and cryptominers (20%) were the top malware types encountered in the country.
The impact of attacks was evenly distributed with extortion, digital currency mining and data leaks each making up 25% of total impacts in the UK.
This marks a shift from 2022, when half the cases X-Force observed in the UK involved extortion (57%) twice the global average followed by data theft (29%).
The professional, business and consumer services industry was the most targeted sector in the UK, representing 39% of cases.
Energy (30%) and finance & insurance (17%) were the second and third most targeted industries in UK, respectively.
Manufacturing was the most targeted industry in Europe, accounting for 28% of cases.
Europe overall experienced the highest percentage of incidents within the energy sector at 43%, as well as finance and insurance at 37%.
Major takeaways from the global report included:
Attacks on critical infrastructure reveal industry faux pas.
Worldwide, an alarming 69.6% of attacks that X-Force responded to were against critical infrastructure organisations, an alarming finding highlighting that cybercriminals are wagering on these high value targets' need for uptime to advance their objectives.
In 84% of attacks on critical sectors globally, compromise could have been mitigated with patching, multi-factor authentication, or least-privilege principals indicating that what the security industry historically described as basic security may be harder to achieve than portrayed.
Exploiting public-facing appl
Europe Stories
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
04/08/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
04/07/2026
April 7 2026, 19:00 (PDT) Detective Conan: Fallen Angel of the Highway Opens in...
01/06/2026
January 6 2026, 05:30 (PST) Dolby Sets the New Standard for Premium Entertainment at CES 2026
Throughout the week, Dolby brings to life the latest innovatio...
14/05/2026
At Spotify, we're focused on making every listening experience feel intentio...
14/05/2026
Spotify recently welcomed songwriters, artists, executives, and music students t...
14/05/2026
New articulations, ostinatos, Motion Scoring Articulation Sets & more
Sonuscore's flagship cinematic string library has just been treated to a significa...
14/05/2026
World-class studio opens on T rkiye's Aegean coast
P r Recording & Residence have announced their official opening, introducing a new world-class reside...
14/05/2026
Now supports channel layouts up to 9.1.6
Nugen Audio have just released an update for their AI-powered dialogue intelligibility and compliance tool. Set to ...
14/05/2026
New recordings & one-key chord tool
UVI have just announced the release of Orchestral Suite 2, a ground-up redesign of their all-in-one symphonic orchestra ...
14/05/2026
Two new arrivals & expanded factory content
Rob Papen's all-encompassing plug-in and virtual instrument collection has just been treated to another upda...
14/05/2026
Embed QR codes into DAW sessions
FSK Audio's latest plug-in doesn't process audio, but serves as an organisational tool that allows QR codes to be e...
14/05/2026
Rohde & Schwarz transforms spectrum complexity into situational awareness and ef...
14/05/2026
Rohde & Schwarz and Quantum Systems join forces to redefine EW and C-UAS-enabled...
14/05/2026
Rohde & Schwarz showcases STANAG aligned ARDRONIS Counter UAS capability at NATO...
14/05/2026
Code of Silence has won the BAFTA for Best Drama Series at Sunday night's ceremony at the Royal Festival Hall.
The series, starring Rose Ayling-Ellis and w...
14/05/2026
Vivid Broadcast was embracing remote production long before it became the industry norm. Now, with Calrec's True Control 2.0-enabled Argo M and Type R conso...
14/05/2026
What can I watch on UKTV and stream on U this week?
This week on UKTV and the free streaming service U, viewers can watch a range of new and returning programm...
14/05/2026
The high-stakes chase thriller from Oscar- and BAFTA-nominated writer Matt Charm...
14/05/2026
Back From The Brink airs Sunday 17 May and Sunday 24 May at 6.30pm on RT One an...
13/05/2026
13 May 2026
VEON Delivers Strong Start to 2026 1Q26: Revenue 17.0%, EBITDA 17...
13/05/2026
Thousands of props donated from Skys longest-running original seriesWednesday 13 May 2026
How a neon windmill from A League of Their Own ended up in a dogs'...
13/05/2026
SAN JOSE, Calif. - May 13, 2026 - Harmonic (NASDAQ: HLIT) today announced that I...
13/05/2026
A definitive portrait of one of Ireland's most influential musicians
New TV documentary airs Monday 18 May on RT One and RT Player at 9.35pm
Watch the...
12/05/2026
Spotify is where fans and artists come together, turning discovery into somethin...
12/05/2026
Features patented Marco-MMC clocking technology
Black Lion Audio's latest release combines the company's expertise in clocking with their renowned p...
12/05/2026
New Track Panel, sequencer upgrades & more
Following their recent public beta release, Reason Studios have announced the full release of Reason 14. With the...
12/05/2026
Rohde & Schwarz presents its advanced solutions for power electronics testing at...
12/05/2026
aconnic AG (ISIN: DE000A0LBKW6), Munich, has developed a modified fund raising p...
12/05/2026
FOX Announces Schedule for 2026-27 Season FOX'S POWERFUL NEW SERIES PIPELINE FUELS A BREAKOUT SEASON WITH RETURNING HITS AND BOLD NEW STORYTELLING ACROSS ...
12/05/2026
Customer demand for data continues to grow in the first quarter of 2026 at Magya...
12/05/2026
The latest drama underscores Sky's continued investment in regional production and Welsh creative talent.Tuesday 12 May 2026
Wales takes the spotlight in S...
11/05/2026
As Eurovision fans gear up to celebrate the 70th anniversary of the iconic song ...
11/05/2026
Pela primeira vez na hist ria, o Brasil figura entre os oito maiores mercados de...
11/05/2026
New desktop instrument focused on tactile performance
Bastl Instruments have announced the Kalimba, a new desktop instrument that combines physical modellin...
11/05/2026
Compact sampling workstation gains new features
1010music have announced the blackbox 2, a new version of their compact standalone sampler designed for DAWl...
11/05/2026
Performance-focused sequencer with microtonal control
Berlin-based KOMA Elektronik have announced Monoplex, a new 42HP Eurorack sequencer designed for hands...
11/05/2026
Boasts wireless control from mobile devices
The latest iteration of IK Multimedia's compact amp and effects modelling pedal expands on the capabilities ...
11/05/2026
Spans traditional orchestral and experimental sounds
Sonora Cinematic have recently released the third instalment in their Transfigured Orchestra series, de...
11/05/2026
Our exhibition coverage
Watch all our SUPERBOOTH 2026 video coverage in one place. Check back to this page regularly as we will be updating with more video ...
11/05/2026
aconnic AG (ISIN: DE000A0LBKW6), Munich, is participating in the Equity Forum Ge...
11/05/2026
Bounteous Acquires Cartesian to Accelerate Enterprise AI
May 11, 2026
Business Assurance
News
Acquisition enhances deep data and analytics capabil...
11/05/2026
11 May 2026
VEON Shareholders Re-elect Board and Chairman, Reaffirming Confiden...
11/05/2026
Fox Corporation Reports Third Quarter Fiscal 2026 Financial Results NEW YORK, NY, May 11, 2026 - Fox Corporation (Nasdaq: FOXA, FOX; FOX or the Company ) t...
11/05/2026
Arvato Systems Becomes a Member of InsurLab Germany
Collaboration in the insurance industrys leading innovation network
G tersloh - Arvato Systems has joine...
11/05/2026
Pirate Predator uncovers new information from victims and survivors of abuse on ...
10/05/2026
RT ALL-IRELAND DRAMA FESTIVAL WINNERS ANNOUNCED DURING GALA AWARDS STREAMED LIVE ON RTE.IE/CULTURE
Kilmeen Drama Group hailing from Rossmore, Co. Cork Scoops ...
09/05/2026
New desktop instrument focused on tactile performance
Bastl Instruments have announced Kalimba, a new desktop instrument that combines physical modelling, F...
09/05/2026
Compact sampling workstation gains new features
1010music have announced blackbox 2, a new version of their compact standalone sampler designed for DAWless ...
LONDON, UK, Feb 21, 2024 IBM today released the 2024 X-Force Threat Intelligence Index highlighting an emerging global crisis as cybercriminals double down on exploiting user identities to compromise enterprises.
