LONDON, UK, Feb 21, 2024 IBM today released the 2024 X-Force Threat Intelligence Index highlighting an emerging global crisis as cybercriminals double down on exploiting user identities to compromise enterprises.
According to IBM X-Force, IBM Consulting's security services arm, cybercriminals last year generated more opportunities to log in to corporate networks through valid accounts, instead of hacking into them making this tactic a preferred weapon of choice for threat actors.
The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries. In addition, data is gathered and analysed from multiple sources within IBM, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, and data provided from Red Hat Insights and Intezer , which contributed to the 2024 report.
An emerging identity crisis
The report data revealed that exploiting valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the Dark Web.
According to the report, 50% of cyberattacks in the UK involved the exploitation of valid accounts as the initial access vector' and a further 25% of cases involved the exploitation of public-facing applications. Across Europe, X-Force observed a 66% year-on-year rise in attacks caused by the use of valid accounts contributing to Europe's prevalence as the most targeted region of 2023 and the record number of attacks that X-Force has ever reported regionally.
The criminal ecosystem was also quick to adapt to the use of valid accounts by attackers. In 2023, X-Force observed a 266% increase in infostealing malware, which is designed to steal personal and enterprise credentials, personally identifiable information, and banking and crypto wallet information.
This easy entry for attackers is harder to detect, eliciting a costly response from enterprises. According to X-Force, worldwide, major incidents caused by attackers using valid accounts were linked to nearly 200% more complex response measures by security teams than the average incident with defenders needing to distinguish between legitimate and malicious user activity on the network.
In fact, IBM's 2023 Cost of a Data Breach Report found that breaches caused by stolen or compromised credentials required roughly 11 months from detection to recovery the longest response lifecycle among all infection vectors.
Martin Borrett, Technical Director, IBM Security, UK, and Ireland (UKI) commented:
Our findings reveal that identity is increasingly being weaponised against enterprises, exploiting valid accounts and compromising credentials. It also shows us that the biggest security concern for enterprises stems not from novel or cryptic threats, but from well-known and existing ones.
Addressing cybersecurity challenges requires a strategic approach, emphasising the reinforcement of foundational security measures. Streamlining identity management through a unified Identity and Access Management (IAM) provider and strengthening legacy applications with modern security protocols are crucial steps in mitigating risks. Additionally, subjecting your system to rigorous stress tests by skilled offensive security teams proves invaluable in uncovering potential weaknesses. This insight is pivotal for crafting a robust incident response plan that engages all teams, from IT professionals to C-suite executives.
Julian David, CEO of techUK, added:
In an era marked by the growing sophistication of cybercriminals who exploit legitimate accounts to breach business defences, IBM's X-Force Threat Intelligence Index serves as a stark wake-up call.
The report underscores a troubling pattern where half of the cyberattacks in the UK rely on legitimate accounts for initial access, presenting significant challenges to businesses' recovery endeavours. To effectively combat this threat, businesses must adopt a strategic approach, integrating modern security protocols to mitigate risks and strengthen their defences against the ever-evolving landscape of cyber threats.
Further key UK findings include:
Malware made up 30% of security incidents observed in the UK.
Ransomware (30%) and cryptominers (20%) were the top malware types encountered in the country.
The impact of attacks was evenly distributed with extortion, digital currency mining and data leaks each making up 25% of total impacts in the UK.
This marks a shift from 2022, when half the cases X-Force observed in the UK involved extortion (57%) twice the global average followed by data theft (29%).
The professional, business and consumer services industry was the most targeted sector in the UK, representing 39% of cases.
Energy (30%) and finance & insurance (17%) were the second and third most targeted industries in UK, respectively.
Manufacturing was the most targeted industry in Europe, accounting for 28% of cases.
Europe overall experienced the highest percentage of incidents within the energy sector at 43%, as well as finance and insurance at 37%.
Major takeaways from the global report included:
Attacks on critical infrastructure reveal industry faux pas.
Worldwide, an alarming 69.6% of attacks that X-Force responded to were against critical infrastructure organisations, an alarming finding highlighting that cybercriminals are wagering on these high value targets' need for uptime to advance their objectives.
In 84% of attacks on critical sectors globally, compromise could have been mitigated with patching, multi-factor authentication, or least-privilege principals indicating that what the security industry historically described as basic security may be harder to achieve than portrayed.
Exploiting public-facing appl
Europe Stories
06/10/2025
France T l visions, France's leading broadcaster, has received the 2025 EBU ...
04/09/2025
Monumental Sports & Entertainment (MSE), in collaboration with Dalet, has been a...
07/08/2025
July 8 2025, 22:30 (PDT) Tata Motors & Dolby Bring Dolby Atmos to Harrier.ev, R...
15/07/2025
NOT FOR DISTRIBUTION IN OR INTO OR TO ANY PERSON LOCATED OR RESIDENT IN THE UNIT...
15/07/2025
Harmonic's Hybrid, AI-Powered and Live Sports Streaming Innovations are Key ...
15/07/2025
The well-known and well-loved 4099 has been completely revamped. It features amazing CORE+ technology, which eliminates distortion and extends dynamic range, a ...
15/07/2025
Comscore Partners with HyphaMetrics to Launch Advanced Person-Level Audience Mea...
15/07/2025
Peak audiences of over half a million tune into both Kerry v Tyrone and Donegal ...
15/07/2025
PROTON Announces Production Facility Expansion Ahead of IBC2025 posted: 15/07/2025
Proton Announces Production Facility Expansion Ahead of IBC2025
Alongs...
14/07/2025
Enhancing Public Service Broadcasting with
Innovation, Accuracy & Sustainability
New regional detail and local towns featured...
11/07/2025
If you've ever wondered what might be playing in Clark Kent's headphones...
11/07/2025
AI and Multimedia Authenticity Standards Collaboration launches two papers to guide the future of AI integration, today at the AI for Good Global Summit
The...
10/07/2025
The current holder of the prestigious Thomson Foundation Young Journalist of the Year Award has been forced to stop reporting over fears for her safety in Afgha...
10/07/2025
Spotify is turning up the volume on Australian music with a multipronged initiative designed to highlight the dominance of Australian artists on the global stag...
10/07/2025
This is not a drill: Oasis is back on the road-marking its first live performanc...
10/07/2025
The music industry depends on fresh ideas, bold voices, and emerging talent. Yet across the U.K., too many young musicians lack the space to develop their craft...
10/07/2025
10 Jul 2025
VEON and Cohen Circle Secure Investor Commitments for Kyivstar Listing Kyiv, New York, Dubai, and Philadelphia - July 10, 2025 - VEON Ltd. (Nasdaq:...
10/07/2025
Thursday 10 July 2025
The Very Small Creatures
Jaime's Treetop Tales
Emerald
BooSnoo! Christmas Mashup
Pip & Posy's Spooktacular Party
The Very Sm...
10/07/2025
Thursday 10 July 2025
Brand new rewards are coming to Sky customers, with free ...
10/07/2025
Comscore Achieves Full JIC Certification for National TV Measurement Including...
09/07/2025
Wednesday 9 July 2025
Sky Broadband now has the UK's fastest broadband spee...
09/07/2025
CUPERTINO, CALIFORNIA Apple today announced Jeff Williams will transition his role as chief operating officer later this month to Sabih Khan, Apple's senior...
08/07/2025
In an era where digital threats to journalists are becoming increasingly aggressive and widespread, MediaSafe Africa launches as a vital online resource to help...
08/07/2025
This summer, as the energy builds for one of the biggest moments in women's ...
08/07/2025
UKTV today announces that Richard Watsham, Chief Creative Officer at UKTV and Global Director of Acquisitions for BBC Studios/UKTV, has decided to step down fro...
08/07/2025
SAN JOSE, Calif. - July 8, 2025 - Harmonic (NASDAQ: HLIT) today announced a reco...
08/07/2025
Arvato Systems Optimizes Customer Communication with AOK Niedersachsen
New project in the statutory health insurance sector
Arvato Systems and AOK Niedersach...
08/07/2025
On August 7, Apple Arcade is adding four exclusive games to its diverse catalogue of more than 200 fun games for players to enjoy, all free from ads and in-app ...
07/07/2025
** MEDIA ALERT **
VIZ Media Ignites AX 2025 with Star-Studded Panels, Exclus...
07/07/2025
CULVER CITY, CALIFORNIA As Apple Music marks its 10th anniversary this year, Apple unveils its most ambitious creative project to date: a brand-new state-of-the...
07/07/2025
RT has announced that Mark Bignell has been appointed Commissioning Editor for Comedy following a public competition. This senior editorial position will drive...
04/07/2025
The Summer Reading Challenge has inspired children across the U.K. to embrace a ...
04/07/2025
Friday 4 July 2025
Watch the trailer here https://youtu.be/Od5WpvWmDr8
Further...
04/07/2025
The Pitch comes to RT Radio 1 airwaves this Sunday at 7pm. The Pitch is a brand...
03/07/2025
For our Vario-Jib, as well as for a repertoire of weights, we now have carts that make transport easier...
03/07/2025
One of our latest innovations: Slider Drive Unit!
Our Vario Slider not only comes with improvements and new features, but also with its own drive unit!
Our i...
03/07/2025
The 360 EVO lives up to its name: 360-degree rotation not only on the pan axis, but also on the roll axis, enables filmmakers to take their creative visions eve...
03/07/2025
What a buzzing few days at BSCExpo in London!
We were thrilled to connect with so many talented professionals from the world of cinematography.
A huge thank ...
03/07/2025
ADOLESCENCE - Shot with Panther Tower"The whole rig had to be detachable mid-episode
Netflix limited drama series Adolescence has been gaining attentio...
03/07/2025
** MEDIA ALERT ** Shonen Jump Store Hosting Los Angeles Pop-up During Anime Exp...
03/07/2025
Thursday 3 July 2025
David Harewood and Matthew Broome in Mozart: Genius for Hi...
03/07/2025
The Sky WNT Fund supports Womens National Team players with a 30,000 bursaryThursday 3 July 2025
Sky Ireland has announced the four recipients of the 2025 Sky...
02/07/2025
Calrec expands ecosystem at NAB 2025 giving broadcasters access to dynamic workflows and ultimate flexibility Helping broadcasters meet the shifting needs of me...
02/07/2025
02 Jul 2025
VEON Raises USD 200 Million in Private Bond Placement Dubai, July 1, 2025: VEON Ltd. (Nasdaq: VEON), a global digital operator ( VEON ), announces ...
02/07/2025
Brand new factual series follows mechanic and self-taught engineer Dom Chinea as he makes the move of his life to the far west of Cornwall
UKTV today announces...
02/07/2025
Rohde & Schwarz acquires ZES ZIMMER Electronic Systems GmbH and expands its T&M ...
02/07/2025
Wuppertal July 2, 2025
Riedel Communications Launches RefSuite Ecosystem for S...
LONDON, UK, Feb 21, 2024 IBM today released the 2024 X-Force Threat Intelligence Index highlighting an emerging global crisis as cybercriminals double down on exploiting user identities to compromise enterprises.
