LONDON, UK, Feb 21, 2024 IBM today released the 2024 X-Force Threat Intelligence Index highlighting an emerging global crisis as cybercriminals double down on exploiting user identities to compromise enterprises.
According to IBM X-Force, IBM Consulting's security services arm, cybercriminals last year generated more opportunities to log in to corporate networks through valid accounts, instead of hacking into them making this tactic a preferred weapon of choice for threat actors.
The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries. In addition, data is gathered and analysed from multiple sources within IBM, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, and data provided from Red Hat Insights and Intezer , which contributed to the 2024 report.
An emerging identity crisis
The report data revealed that exploiting valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the Dark Web.
According to the report, 50% of cyberattacks in the UK involved the exploitation of valid accounts as the initial access vector' and a further 25% of cases involved the exploitation of public-facing applications. Across Europe, X-Force observed a 66% year-on-year rise in attacks caused by the use of valid accounts contributing to Europe's prevalence as the most targeted region of 2023 and the record number of attacks that X-Force has ever reported regionally.
The criminal ecosystem was also quick to adapt to the use of valid accounts by attackers. In 2023, X-Force observed a 266% increase in infostealing malware, which is designed to steal personal and enterprise credentials, personally identifiable information, and banking and crypto wallet information.
This easy entry for attackers is harder to detect, eliciting a costly response from enterprises. According to X-Force, worldwide, major incidents caused by attackers using valid accounts were linked to nearly 200% more complex response measures by security teams than the average incident with defenders needing to distinguish between legitimate and malicious user activity on the network.
In fact, IBM's 2023 Cost of a Data Breach Report found that breaches caused by stolen or compromised credentials required roughly 11 months from detection to recovery the longest response lifecycle among all infection vectors.
Martin Borrett, Technical Director, IBM Security, UK, and Ireland (UKI) commented:
Our findings reveal that identity is increasingly being weaponised against enterprises, exploiting valid accounts and compromising credentials. It also shows us that the biggest security concern for enterprises stems not from novel or cryptic threats, but from well-known and existing ones.
Addressing cybersecurity challenges requires a strategic approach, emphasising the reinforcement of foundational security measures. Streamlining identity management through a unified Identity and Access Management (IAM) provider and strengthening legacy applications with modern security protocols are crucial steps in mitigating risks. Additionally, subjecting your system to rigorous stress tests by skilled offensive security teams proves invaluable in uncovering potential weaknesses. This insight is pivotal for crafting a robust incident response plan that engages all teams, from IT professionals to C-suite executives.
Julian David, CEO of techUK, added:
In an era marked by the growing sophistication of cybercriminals who exploit legitimate accounts to breach business defences, IBM's X-Force Threat Intelligence Index serves as a stark wake-up call.
The report underscores a troubling pattern where half of the cyberattacks in the UK rely on legitimate accounts for initial access, presenting significant challenges to businesses' recovery endeavours. To effectively combat this threat, businesses must adopt a strategic approach, integrating modern security protocols to mitigate risks and strengthen their defences against the ever-evolving landscape of cyber threats.
Further key UK findings include:
Malware made up 30% of security incidents observed in the UK.
Ransomware (30%) and cryptominers (20%) were the top malware types encountered in the country.
The impact of attacks was evenly distributed with extortion, digital currency mining and data leaks each making up 25% of total impacts in the UK.
This marks a shift from 2022, when half the cases X-Force observed in the UK involved extortion (57%) twice the global average followed by data theft (29%).
The professional, business and consumer services industry was the most targeted sector in the UK, representing 39% of cases.
Energy (30%) and finance & insurance (17%) were the second and third most targeted industries in UK, respectively.
Manufacturing was the most targeted industry in Europe, accounting for 28% of cases.
Europe overall experienced the highest percentage of incidents within the energy sector at 43%, as well as finance and insurance at 37%.
Major takeaways from the global report included:
Attacks on critical infrastructure reveal industry faux pas.
Worldwide, an alarming 69.6% of attacks that X-Force responded to were against critical infrastructure organisations, an alarming finding highlighting that cybercriminals are wagering on these high value targets' need for uptime to advance their objectives.
In 84% of attacks on critical sectors globally, compromise could have been mitigated with patching, multi-factor authentication, or least-privilege principals indicating that what the security industry historically described as basic security may be harder to achieve than portrayed.
Exploiting public-facing appl
Europe Stories
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
06/09/2026
June 9 2026, 23:00 (PDT) Dolby and MagentaTV Bring Fans Closer to the FIFA Worl...
04/08/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
04/07/2026
April 7 2026, 19:00 (PDT) Detective Conan: Fallen Angel of the Highway Opens in...
12/06/2026
Meet The Grumpy Onion Ireland's newest online sensation, all he wants is to ...
12/06/2026
RT stays Up All Night with brand new daily 2026 FIFA World Cup Vodcast
Adding to the fun around 2026 FIFA World Cup tournament, RT has launched a brand new d...
11/06/2026
As podcast formats evolve in the streaming era, podcasting needs updated, transp...
11/06/2026
As Spotify's global RADAR program enters its sixth year in Italy, a new class of artists is stepping into the spotlight. Today, we're announcing the six...
11/06/2026
Pride Month is a time for celebration, reflection, and amplifying the diverse stories and perspectives from the LGBTQIA+ community that enrich our world. To hel...
11/06/2026
First in new line of muted string libraries
VSL have just announced the launch of two new string libraries that represent the first two instalments in a new...
11/06/2026
New colour option for 61-key Launchkey MK4
At Superbooth 2025, Novation introduced the Launchkey Mini 37 White and Launchkey 49 White, bringing an additiona...
11/06/2026
Larger, but still compact!
Arturia's popular compact MIDI controller keyboard is now available in a, well, slightly less compact version! The new MiniLa...
11/06/2026
Eurosatory 2026: Rohde & Schwarz shapes the new-generation battlefield Rohde & Schwarz unveils next generation SIGINT/EW and CUAS solutions on uncrewed system...
11/06/2026
Rohde & Schwarz unveils NEMACS - Directional, ultra secure connectivity for the ...
11/06/2026
Thursday 11 June 2026
Daisy May Cooper rallies the nation ahead of ICC Women's T20 World CupTurn on cookies to view this content. Go to Privacy options and...
11/06/2026
Summer solstice shows from C il House and Late Date from 9pm on Saturday 20 Jun...
10/06/2026
Get Hands-On with Interfaces & Mic Preamp Brands
If youre after a new interface or preamp, then GearExpo UK is the place to be! Well have a whole host of au...
10/06/2026
November 13-14 2026, The Midway, San Francisco
Following their recent rebranding, MONO Music Conference (formerly Music Expo) have officially announced thei...
10/06/2026
Debut instrument free for limited time
deFORM is the debut release from newly founded developer ebbandflow, and it's being offered as a free download fo...
10/06/2026
Rohde & Schwarz and TRUMPF advance laser-based drone defense with THORIS LCS Rohde & Schwarz is showcasing THORIS at ILA 2026: A sovereign, end to end counter...
10/06/2026
MAHLE and Rohde & Schwarz develop application for sensor testing of modern drive...
10/06/2026
10 Jun 2026
VEON's Banglalink Brings Every World Cup 2026 Match to Football...
10/06/2026
Wednesday 10 June 2026
How to watch every ICC Women's T20 World Cup 2026 match live on Sky Sports
Where is the ICC Women's T20 World Cup 2026 availabl...
10/06/2026
Wednesday 10 June 2026
P RLA brings first-ever Beautifully Clean Oral Care'...
10/06/2026
Wednesday 10 June 2026
Sky reveals pulse-pounding first teaser trailer for upco...
10/06/2026
Wuppertal June 10, 2026
Riedel Artist at the Heart of the 14th World Live Neurovascular ConferenceAt the 14th World Live Neurovascular Conference (WLNC) in Li...
09/06/2026
Last month, Spotify hosted PURE FLOWERS LIVE, a special event celebrating the re...
09/06/2026
Last month, RADAR U.K. artist Skye Newman took the stage in East London for a sp...
09/06/2026
Company to cease operating on 30 June 2026
Australian loudspeaker and amplifier manufacturer Wayne Jones Audio have announced that after much consideration,...
09/06/2026
Increases low-end weight and character
The latest plug-in release from Sheffield-based fedDSP aims to offer an all-in-one solution for users in search of mo...
09/06/2026
Introduces AI Studio Assistant, Moises Studio integration & more
Fender Studio have just announced the launch a significant update that brings an array of n...
09/06/2026
The BBC has found its Hercule Poirot.
After Deadline revealed last month that t...
09/06/2026
Filming to take place in Holmfirth
9th June 2026, London: U&GOLD is heading bac...
09/06/2026
X-Rite Pantone Launches Offset360 to Modernize Color Control Across Existing Pre...
09/06/2026
09 Jun 2026
VEON Appoints Serkan Ozturk as Chief of Staff & Strategy Officer Dubai and New York, June 9, 2026 - VEON Ltd. (NASDAQ: VEON), a global digital oper...
09/06/2026
Tuesday 9 June 2026
Katie Price: Nothing to Hide, a candid and unfiltered accou...
09/06/2026
Enni Continues to Rely on Arvato Systems - And Will Be Using AEP.EnerS4 Billing Solution
Arvato Systems to implement transformation project for SAP S/4HANA Ut...
09/06/2026
These special programmes will highlight RT 's connection with the Irish diaspora
This year, RT is marking 100 years of public broadcasting in Ireland with...
08/06/2026
At Spotify, our commitment to the LGBTQIA community is year-round. Through GLOW, our global music program, we celebrate and amplify the contributions of queer ...
08/06/2026
Get Hands-on With Keyboard & Synth Brands
GearExpo UK wouldn't be complete without some synth action, and we've got some of the industry's most ...
08/06/2026
50 popular in-ear monitoring system profiles added
The latest update for IK Multimedia's headphone-correction system has just arrived, and introduces ca...
08/06/2026
Manny Marroquin signature cans upgraded with SLAM Technology
The flagship model in Audeze's Manny Marroquin Signature Series has just been treated to an...
08/06/2026
Air domain supremacy redefined - New counter UAS, space solutions and directiona...
08/06/2026
he BBC and BritBox have announced that Edward Bluemel (We Might Regret This, My ...
08/06/2026
Plus, 20% off TVs ahead of kick-offMonday 8 June 2026
Sky introduces Real Time...
08/06/2026
FOX Secures Live NFL Game Package in Mexico Starting in Fall 2026 Agreement Features Thursday Night Football, Sunday Games Package, Thanksgiving Day Games, al...
08/06/2026
FOX One, FOX Sports and Indeed Name Austin Franklin and Kevin Akoto as FOX One C...
08/06/2026
Meet us on the show floor
Stand #286310 Discover Nara, the media management tool used by major facilities including Harbor and Molinare.
Nara v2 introduces re...
LONDON, UK, Feb 21, 2024 IBM today released the 2024 X-Force Threat Intelligence Index highlighting an emerging global crisis as cybercriminals double down on exploiting user identities to compromise enterprises.
