LONDON, UK, Feb 21, 2024 IBM today released the 2024 X-Force Threat Intelligence Index highlighting an emerging global crisis as cybercriminals double down on exploiting user identities to compromise enterprises.
According to IBM X-Force, IBM Consulting's security services arm, cybercriminals last year generated more opportunities to log in to corporate networks through valid accounts, instead of hacking into them making this tactic a preferred weapon of choice for threat actors.
The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries. In addition, data is gathered and analysed from multiple sources within IBM, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, and data provided from Red Hat Insights and Intezer , which contributed to the 2024 report.
An emerging identity crisis
The report data revealed that exploiting valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the Dark Web.
According to the report, 50% of cyberattacks in the UK involved the exploitation of valid accounts as the initial access vector' and a further 25% of cases involved the exploitation of public-facing applications. Across Europe, X-Force observed a 66% year-on-year rise in attacks caused by the use of valid accounts contributing to Europe's prevalence as the most targeted region of 2023 and the record number of attacks that X-Force has ever reported regionally.
The criminal ecosystem was also quick to adapt to the use of valid accounts by attackers. In 2023, X-Force observed a 266% increase in infostealing malware, which is designed to steal personal and enterprise credentials, personally identifiable information, and banking and crypto wallet information.
This easy entry for attackers is harder to detect, eliciting a costly response from enterprises. According to X-Force, worldwide, major incidents caused by attackers using valid accounts were linked to nearly 200% more complex response measures by security teams than the average incident with defenders needing to distinguish between legitimate and malicious user activity on the network.
In fact, IBM's 2023 Cost of a Data Breach Report found that breaches caused by stolen or compromised credentials required roughly 11 months from detection to recovery the longest response lifecycle among all infection vectors.
Martin Borrett, Technical Director, IBM Security, UK, and Ireland (UKI) commented:
Our findings reveal that identity is increasingly being weaponised against enterprises, exploiting valid accounts and compromising credentials. It also shows us that the biggest security concern for enterprises stems not from novel or cryptic threats, but from well-known and existing ones.
Addressing cybersecurity challenges requires a strategic approach, emphasising the reinforcement of foundational security measures. Streamlining identity management through a unified Identity and Access Management (IAM) provider and strengthening legacy applications with modern security protocols are crucial steps in mitigating risks. Additionally, subjecting your system to rigorous stress tests by skilled offensive security teams proves invaluable in uncovering potential weaknesses. This insight is pivotal for crafting a robust incident response plan that engages all teams, from IT professionals to C-suite executives.
Julian David, CEO of techUK, added:
In an era marked by the growing sophistication of cybercriminals who exploit legitimate accounts to breach business defences, IBM's X-Force Threat Intelligence Index serves as a stark wake-up call.
The report underscores a troubling pattern where half of the cyberattacks in the UK rely on legitimate accounts for initial access, presenting significant challenges to businesses' recovery endeavours. To effectively combat this threat, businesses must adopt a strategic approach, integrating modern security protocols to mitigate risks and strengthen their defences against the ever-evolving landscape of cyber threats.
Further key UK findings include:
Malware made up 30% of security incidents observed in the UK.
Ransomware (30%) and cryptominers (20%) were the top malware types encountered in the country.
The impact of attacks was evenly distributed with extortion, digital currency mining and data leaks each making up 25% of total impacts in the UK.
This marks a shift from 2022, when half the cases X-Force observed in the UK involved extortion (57%) twice the global average followed by data theft (29%).
The professional, business and consumer services industry was the most targeted sector in the UK, representing 39% of cases.
Energy (30%) and finance & insurance (17%) were the second and third most targeted industries in UK, respectively.
Manufacturing was the most targeted industry in Europe, accounting for 28% of cases.
Europe overall experienced the highest percentage of incidents within the energy sector at 43%, as well as finance and insurance at 37%.
Major takeaways from the global report included:
Attacks on critical infrastructure reveal industry faux pas.
Worldwide, an alarming 69.6% of attacks that X-Force responded to were against critical infrastructure organisations, an alarming finding highlighting that cybercriminals are wagering on these high value targets' need for uptime to advance their objectives.
In 84% of attacks on critical sectors globally, compromise could have been mitigated with patching, multi-factor authentication, or least-privilege principals indicating that what the security industry historically described as basic security may be harder to achieve than portrayed.
Exploiting public-facing appl
Europe Stories
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
01/06/2026
January 6 2026, 05:30 (PST) Dolby Sets the New Standard for Premium Entertainment at CES 2026
Throughout the week, Dolby brings to life the latest innovatio...
02/05/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
01/05/2026
January 5 2026, 18:30 (PST) NBCUniversal's Peacock to Be First Streamer to ...
01/04/2026
January 4 2026, 18:00 (PST) DOLBY AND DOUYIN EMPOWER THE NEXT GENERATON OF CREATORS WITH DOLBY VISION
Douyin Users Can Now Create And Share Videos With Stun...
15/03/2026
Visit ToolsOnAir at NAB Las Vegas 2026
More Details:From April 19-22, join us at NAB Show Las Vegas in the North Hall, Booth N1258, for an exclusive preview of...
15/03/2026
Latest dark drama, thrillers & tension library announced
The Very Loud Indeed Co.'s latest Kontakt library has just arrived, delivering a third instalme...
14/03/2026
Combines mic, USB interface & wireless IEMs
Following a successful Kickstarter campaign, HISONG have announced that their innovative AirStudio S1 device is ...
13/03/2026
Spotify has always been built around your taste. More than 80% of listeners say personalization is what they love most about us. Now we're taking that even ...
13/03/2026
The new Spotify Legends Club has opened its doors. Its members: select German-sp...
13/03/2026
Pushing drum sampler technology into new territories
The latest version of Klevgrand's software drum sampler has just arrived, boasting a newly designe...
13/03/2026
Expanded headphone support & engine improvements
IK Multimedia's recently introduced ARC On-Ear system brings the power of their monitoring-correction s...
13/03/2026
Extra sound collections, more presets & new Keys category
UVI's rhythm and pattern instrument has just received a major update that introduces four new ...
13/03/2026
13 Mar 2026
VEON Delivers Record Digital Growth: 4Q25 Digital Revenues Grow 84%...
13/03/2026
Friday 13 March 2026
Sky Adds Blood on Snow to Original Film Slate in Acquisiti...
13/03/2026
RT has announced today that Rick O'Shea is the new presenter of Arena RT Radio 1's flagship weeknight arts and culture programme. Rick has been pres...
13/03/2026
Lights! Camera! Action! The 98th Oscars set to air live as RT backs the Irish n...
12/03/2026
Staines-upon-Thames, UK, 11th March, 2026 - Yospace, the trusted leader in Dyna...
12/03/2026
In Latin America, women are shaping music and defining its future. To kick off t...
12/03/2026
En Am rica Latina, las mujeres est n moldeando la m sica y definiendo su futuro....
12/03/2026
Let's turn back the clock 20 years: The music landscape was a world away fro...
12/03/2026
Bad Bunny is no stranger to Spotify's Billions Club. In fact, he has a whopp...
12/03/2026
Spotify was at the London Book Fair this week, joining conversations across the publishing industry about how people can make reading part of their daily lives....
12/03/2026
Mastering tool improves mono compatibility
Tokyo Dawn Labs' Ohlhorst Digital range is a series of mastering-focused plug-ins developed by Jan Ohlhorst, ...
12/03/2026
Wave FX processor integrated into four products
Lewitt have teamed up with Elgato to create a new processor for the company's Wave Next product range, i...
12/03/2026
Free tool for annotating audio files
Mix Notes is a new, free iOS App that provides users with a simple way to annotate their audio files. It's been cre...
12/03/2026
Side-chain ducking tool gets an upgrade
Devious Machines' popular side-chaining and envelope-shaping tool has just been kitted out with an improved enve...
12/03/2026
Ceremony to take place on 16 April 2026
The MPG (Music Producers Guild) have revealed the full shortlist for this year's MPG Awards, which will be takin...
12/03/2026
Emulates three classic dbx 160 variants
The latest arrival to Overloud's Gem Series plug-in range faithfully recreates not one, but three versions of th...
12/03/2026
New granular soft synth announced
Said to be their most advanced software synthesizer to date, Baby Audio's latest release has been built on a new granu...
12/03/2026
Latest version now live!
Edit 11 March 2026 - Bitwig Studio 6 is now live, and available for all to download!
The latest version of Bitwig's DAW softwa...
12/03/2026
Latest free eBook now available!
Designed for recording engineers, audio-technology students and technically minded musicians, our latest free eBook deliver...
12/03/2026
Rohde & Schwarz Cybersecurity expands SITLine network encryptor portfolio - more...
12/03/2026
Rohde & Schwarz to showcase future-proof EMC testing solutions at EMV 2026 Rohde & Schwarz will participate in EMV 2026, Europe's premier trade fair and c...
12/03/2026
Modern media operations demand a platform that unites automation, orchestration, and human oversight without compromise. In this post, we explore the six key te...
12/03/2026
A deep dive into the platform
Architecture The Blue Lucy platform follows a distributed microservices architecture, meaning the overall operational capability...
12/03/2026
Orchestration platform enables broadcasters to deploy multiple AI models safely with full auditability, rights protection, and regulatory oversight.
LONDON, En...
12/03/2026
Wuppertal March 12, 2026
Riedel Expands Managed Technology Division in the Ame...
12/03/2026
Advanced Media Server Delivers Double the Channel Density at Half the Cost per C...
12/03/2026
The Late Late Show Show St Patrick's Day special
Dancing with the Stars f...
11/03/2026
First Medium-Earth Orbit (MEO) deployment of the emergency.lu platform for refugees and their host communities' use provides dependable broadband for humani...
11/03/2026
Following a successful first series, UKTV today announces the commission of two ...
11/03/2026
Wednesday 11 March 2026
Sky and CANAL launch new partnership to develop English-language drama
Sky and CANAL are today announcing a strategic co commissioni...
11/03/2026
NTCA, Cartesian Release New Report on the Business Case for USF
March 11, 2026
Network Economics
News
NTCA - March 11, 2026 - As the FCC and Congr...
11/03/2026
TELL US YOUR (SHORT) STORIES
The 2026 RT Short Story Competition is now open for entries
Recognising and rewarding the best new Irish fiction writing for...
11/03/2026
RT 's The Traitors Ireland is among the nominees for the 2026 Celtic Media Festival Torc Awards for Excellence, announced today....
10/03/2026
10 Mar 2026
VEON's Largest Market Pakistan Almost Triples Mobile Spectrum i...
09/03/2026
Contains all six dual-ensemble libraries
VSL's Duality Strings series offers an intriguing alternative to your average string library, capturing two str...
09/03/2026
Outstanding Contribution To UK Music
Photo: Samuel Bradley
Ahead of their upcoming MPG Awards, the Music Producers Guild (MPG) have revealed the latest win...
LONDON, UK, Feb 21, 2024 IBM today released the 2024 X-Force Threat Intelligence Index highlighting an emerging global crisis as cybercriminals double down on exploiting user identities to compromise enterprises.
