LONDON, UK, Feb 21, 2024 IBM today released the 2024 X-Force Threat Intelligence Index highlighting an emerging global crisis as cybercriminals double down on exploiting user identities to compromise enterprises.
According to IBM X-Force, IBM Consulting's security services arm, cybercriminals last year generated more opportunities to log in to corporate networks through valid accounts, instead of hacking into them making this tactic a preferred weapon of choice for threat actors.
The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries. In addition, data is gathered and analysed from multiple sources within IBM, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, and data provided from Red Hat Insights and Intezer , which contributed to the 2024 report.
An emerging identity crisis
The report data revealed that exploiting valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the Dark Web.
According to the report, 50% of cyberattacks in the UK involved the exploitation of valid accounts as the initial access vector' and a further 25% of cases involved the exploitation of public-facing applications. Across Europe, X-Force observed a 66% year-on-year rise in attacks caused by the use of valid accounts contributing to Europe's prevalence as the most targeted region of 2023 and the record number of attacks that X-Force has ever reported regionally.
The criminal ecosystem was also quick to adapt to the use of valid accounts by attackers. In 2023, X-Force observed a 266% increase in infostealing malware, which is designed to steal personal and enterprise credentials, personally identifiable information, and banking and crypto wallet information.
This easy entry for attackers is harder to detect, eliciting a costly response from enterprises. According to X-Force, worldwide, major incidents caused by attackers using valid accounts were linked to nearly 200% more complex response measures by security teams than the average incident with defenders needing to distinguish between legitimate and malicious user activity on the network.
In fact, IBM's 2023 Cost of a Data Breach Report found that breaches caused by stolen or compromised credentials required roughly 11 months from detection to recovery the longest response lifecycle among all infection vectors.
Martin Borrett, Technical Director, IBM Security, UK, and Ireland (UKI) commented:
Our findings reveal that identity is increasingly being weaponised against enterprises, exploiting valid accounts and compromising credentials. It also shows us that the biggest security concern for enterprises stems not from novel or cryptic threats, but from well-known and existing ones.
Addressing cybersecurity challenges requires a strategic approach, emphasising the reinforcement of foundational security measures. Streamlining identity management through a unified Identity and Access Management (IAM) provider and strengthening legacy applications with modern security protocols are crucial steps in mitigating risks. Additionally, subjecting your system to rigorous stress tests by skilled offensive security teams proves invaluable in uncovering potential weaknesses. This insight is pivotal for crafting a robust incident response plan that engages all teams, from IT professionals to C-suite executives.
Julian David, CEO of techUK, added:
In an era marked by the growing sophistication of cybercriminals who exploit legitimate accounts to breach business defences, IBM's X-Force Threat Intelligence Index serves as a stark wake-up call.
The report underscores a troubling pattern where half of the cyberattacks in the UK rely on legitimate accounts for initial access, presenting significant challenges to businesses' recovery endeavours. To effectively combat this threat, businesses must adopt a strategic approach, integrating modern security protocols to mitigate risks and strengthen their defences against the ever-evolving landscape of cyber threats.
Further key UK findings include:
Malware made up 30% of security incidents observed in the UK.
Ransomware (30%) and cryptominers (20%) were the top malware types encountered in the country.
The impact of attacks was evenly distributed with extortion, digital currency mining and data leaks each making up 25% of total impacts in the UK.
This marks a shift from 2022, when half the cases X-Force observed in the UK involved extortion (57%) twice the global average followed by data theft (29%).
The professional, business and consumer services industry was the most targeted sector in the UK, representing 39% of cases.
Energy (30%) and finance & insurance (17%) were the second and third most targeted industries in UK, respectively.
Manufacturing was the most targeted industry in Europe, accounting for 28% of cases.
Europe overall experienced the highest percentage of incidents within the energy sector at 43%, as well as finance and insurance at 37%.
Major takeaways from the global report included:
Attacks on critical infrastructure reveal industry faux pas.
Worldwide, an alarming 69.6% of attacks that X-Force responded to were against critical infrastructure organisations, an alarming finding highlighting that cybercriminals are wagering on these high value targets' need for uptime to advance their objectives.
In 84% of attacks on critical sectors globally, compromise could have been mitigated with patching, multi-factor authentication, or least-privilege principals indicating that what the security industry historically described as basic security may be harder to achieve than portrayed.
Exploiting public-facing appl
Europe Stories
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
01/06/2026
January 6 2026, 05:30 (PST) Dolby Sets the New Standard for Premium Entertainment at CES 2026
Throughout the week, Dolby brings to life the latest innovatio...
01/05/2026
January 5 2026, 18:30 (PST) NBCUniversal's Peacock to Be First Streamer to ...
01/04/2026
January 4 2026, 18:00 (PST) DOLBY AND DOUYIN EMPOWER THE NEXT GENERATON OF CREATORS WITH DOLBY VISION
Douyin Users Can Now Create And Share Videos With Stun...
09/01/2026
RT Player has 157 million streams, up 10% year-on-year
An increase on 2024, RT...
09/01/2026
RT 2FM has today announced the highly anticipated list of 2FM Rising Artists for 2026, kicking off 2FM Rising week for the eighth year on The Tracy Clifford Sh...
09/01/2026
RT to Host the 2026 RTS Ireland Awards
Thursday, 16 April 2026 | Dublin Royal Convention Centre
The RTS Ireland Television Awards 2026 | Gradaim RTS 2026 | R...
08/01/2026
An evidence-based analysis on disinformation and information manipulation in Sudan's ongoing conflict is published today. (January 8th 2026).
Thomson Found...
08/01/2026
In 2025 we launched the Spotify Partner Program to give creators more ways to tu...
08/01/2026
On Wednesday in Los Angeles, Spotify welcomed creators and press to a brunch cel...
08/01/2026
TSA awards Rohde & Schwarz contract for advanced airport screening ahead of Socc...
08/01/2026
The review looks back at DPA's miniature microphone development over the years. It compares the evolving technologies from the original mics through CORE an...
08/01/2026
Comscore Launches Audio Targeting and Measurement Capabilities with The Trade De...
08/01/2026
Tonight, on RT Prime Time at 9:35pm on RT One and RT Player
Tonight, Prime T...
08/01/2026
The Late Late Show celebrates the very best of traditional Irish music with its first-ever full special dedicated entirely to the tradition
Lisa Canny | Kevin...
08/01/2026
It will be murder on the dancefloor when Dancing with the Stars returns this S...
07/01/2026
Spotify is launching a week-long celebration spotlighting creators at the center...
07/01/2026
We know people use Spotify not just to listen, but to share the songs, podcasts, and audiobooks they love with their friends and family. When we launched Messag...
07/01/2026
This week, all eyes are on the podcast industry as the Golden Globes recognizes ...
07/01/2026
Podcasts are stepping onto a new stage this week as the Golden Globes recognize the medium for the first time. To mark this milestone moment, we're hosting ...
06/01/2026
Spotify is launching a week-long celebration spotlighting creators at the center...
06/01/2026
Lorde. A$AP Rocky. JENNIE. Baby Keem. KATSEYE. That's just a taste of who�...
06/01/2026
Channel 4 and UKTV are giving viewers even more reasons to stream, with UKTV's U service set to feature thousands of hours of free, unmissable and bingeable...
06/01/2026
Tuesday 6 January 2026
An update on our Sky Mobile prices
Devesh Raj, Chief Operating Officer, Sky
Today, we've announced some changes to the prices of ...
06/01/2026
Comscore Launches Daily Program-Level Reporting with Deduplicated Insights on Sh...
06/01/2026
Comscore Completes Recapitalization Transaction with Preferred Stockholders Foll...
05/01/2026
Bad Bunny's DeB TiRAR M S FOToS defined the sound of 2025 for listeners eve...
05/01/2026
As the clock struck midnight and 2026 was born, so was an exciting range of new ...
05/01/2026
These Sacred Vows starring Tom Vaughan-Lawlor, Justine Mitchell and Jason O'...
05/01/2026
DANDANCING WITH THE STARS RETURNS TO SHAKE UP SUNDAY NIGHTS
Reigning Rose of Tr...
02/01/2026
Any Given Day: Cork University Hospital premieres Wednesday 7 January on RT One and RT Player at 9:35pm
RT will debut a powerful new six-part documentary se...
02/01/2026
Friday 2 January 2026
All episodes of Heated Rivalry will be landing on Sky and...
02/01/2026
Sequins, chat shows, live sporting action, ground-breaking docuseries and brand-new Irish drama to kick off 2026
New Year, New Content Coming Soon across RT
...
01/01/2026
The Quantum 852 is situated in the 6,500-seat Seoul-based place of worship, a church which is home to a 1,000-person choir and a 50-piece orchestra. There are f...
01/01/2026
Formed in 2002, OneRepublic have enjoyed huge international success, with over 18 billion streams on Spotify alone. Their current tour, Escape to Europe, contin...
01/01/2026
We had been using the club's previous console for the last ten years, so we researched manufacturer information very carefully, says venue audio manager Mr...
30/12/2025
Your live countdown to 2026 with Inhaler, David Gray, Lyra, Garron Noone, Sharon...
29/12/2025
From crisper Lossless audio and immersive music videos in beta to new Audiobooks+ plans, custom transitions between tracks, and in-app Messages, we keep levelin...
24/12/2025
RT has unveiled an exclusive first look at the new Dancing with the Stars promo...
23/12/2025
The year is winding down, the weather outside is frightful, and it's the perfect time to escape into a story that warms the heart. For listeners looking for...
23/12/2025
23 Dec 2025
VEON's Beeline Kazakhstan and Rakuten Symphony Collaborate to A...
22/12/2025
For a decade, popular German podcast Fest & Flauschig has hosted an annual Chris...
22/12/2025
Monday 22 December 2025
Sky extends PGA TOUR partnership until 2029, as Sky Spo...
22/12/2025
Siobh n McSweeney, Rory McIlroy, Elon Musk, Catherine Connolly, Jim Gavin, Ivan Yates and Traitor Paudie Moloney lead new characters for Callan Kicks the Year 2...
22/12/2025
Winner announced in the picturesque surroundings of Wicklow's Avondale Tower and Treetop Walk
Andrew Trimble wins the show in his first series as coach
Th...
22/12/2025
The 2025 winners have been announced today, Sunday 21 December, for Ireland's largest choral competition Choirs for Christmas hosted by RT lyric fm.
Ove...
21/12/2025
John Shortt named Young Sportsperson of the Year Kerry are the Team of the Year
...
19/12/2025
With Playout Release 2025.4, ToolsOnAir continues to push professional playout w...
19/12/2025
19 Dec 2025
VEON's Mobilink Microfinance Bank Launches Islamic Banking Oper...
LONDON, UK, Feb 21, 2024 IBM today released the 2024 X-Force Threat Intelligence Index highlighting an emerging global crisis as cybercriminals double down on exploiting user identities to compromise enterprises.
