LONDON, UK, Feb 21, 2024 IBM today released the 2024 X-Force Threat Intelligence Index highlighting an emerging global crisis as cybercriminals double down on exploiting user identities to compromise enterprises.
According to IBM X-Force, IBM Consulting's security services arm, cybercriminals last year generated more opportunities to log in to corporate networks through valid accounts, instead of hacking into them making this tactic a preferred weapon of choice for threat actors.
The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries. In addition, data is gathered and analysed from multiple sources within IBM, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, and data provided from Red Hat Insights and Intezer , which contributed to the 2024 report.
An emerging identity crisis
The report data revealed that exploiting valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the Dark Web.
According to the report, 50% of cyberattacks in the UK involved the exploitation of valid accounts as the initial access vector' and a further 25% of cases involved the exploitation of public-facing applications. Across Europe, X-Force observed a 66% year-on-year rise in attacks caused by the use of valid accounts contributing to Europe's prevalence as the most targeted region of 2023 and the record number of attacks that X-Force has ever reported regionally.
The criminal ecosystem was also quick to adapt to the use of valid accounts by attackers. In 2023, X-Force observed a 266% increase in infostealing malware, which is designed to steal personal and enterprise credentials, personally identifiable information, and banking and crypto wallet information.
This easy entry for attackers is harder to detect, eliciting a costly response from enterprises. According to X-Force, worldwide, major incidents caused by attackers using valid accounts were linked to nearly 200% more complex response measures by security teams than the average incident with defenders needing to distinguish between legitimate and malicious user activity on the network.
In fact, IBM's 2023 Cost of a Data Breach Report found that breaches caused by stolen or compromised credentials required roughly 11 months from detection to recovery the longest response lifecycle among all infection vectors.
Martin Borrett, Technical Director, IBM Security, UK, and Ireland (UKI) commented:
Our findings reveal that identity is increasingly being weaponised against enterprises, exploiting valid accounts and compromising credentials. It also shows us that the biggest security concern for enterprises stems not from novel or cryptic threats, but from well-known and existing ones.
Addressing cybersecurity challenges requires a strategic approach, emphasising the reinforcement of foundational security measures. Streamlining identity management through a unified Identity and Access Management (IAM) provider and strengthening legacy applications with modern security protocols are crucial steps in mitigating risks. Additionally, subjecting your system to rigorous stress tests by skilled offensive security teams proves invaluable in uncovering potential weaknesses. This insight is pivotal for crafting a robust incident response plan that engages all teams, from IT professionals to C-suite executives.
Julian David, CEO of techUK, added:
In an era marked by the growing sophistication of cybercriminals who exploit legitimate accounts to breach business defences, IBM's X-Force Threat Intelligence Index serves as a stark wake-up call.
The report underscores a troubling pattern where half of the cyberattacks in the UK rely on legitimate accounts for initial access, presenting significant challenges to businesses' recovery endeavours. To effectively combat this threat, businesses must adopt a strategic approach, integrating modern security protocols to mitigate risks and strengthen their defences against the ever-evolving landscape of cyber threats.
Further key UK findings include:
Malware made up 30% of security incidents observed in the UK.
Ransomware (30%) and cryptominers (20%) were the top malware types encountered in the country.
The impact of attacks was evenly distributed with extortion, digital currency mining and data leaks each making up 25% of total impacts in the UK.
This marks a shift from 2022, when half the cases X-Force observed in the UK involved extortion (57%) twice the global average followed by data theft (29%).
The professional, business and consumer services industry was the most targeted sector in the UK, representing 39% of cases.
Energy (30%) and finance & insurance (17%) were the second and third most targeted industries in UK, respectively.
Manufacturing was the most targeted industry in Europe, accounting for 28% of cases.
Europe overall experienced the highest percentage of incidents within the energy sector at 43%, as well as finance and insurance at 37%.
Major takeaways from the global report included:
Attacks on critical infrastructure reveal industry faux pas.
Worldwide, an alarming 69.6% of attacks that X-Force responded to were against critical infrastructure organisations, an alarming finding highlighting that cybercriminals are wagering on these high value targets' need for uptime to advance their objectives.
In 84% of attacks on critical sectors globally, compromise could have been mitigated with patching, multi-factor authentication, or least-privilege principals indicating that what the security industry historically described as basic security may be harder to achieve than portrayed.
Exploiting public-facing appl
Europe Stories
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
04/08/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
04/07/2026
April 7 2026, 19:00 (PDT) Detective Conan: Fallen Angel of the Highway Opens in...
08/06/2026
At Spotify, our commitment to the LGBTQIA community is year-round. Through GLOW, our global music program, we celebrate and amplify the contributions of queer ...
08/06/2026
Get Hands-on With Keyboard & Synth Brands
GearExpo UK wouldn't be complete without some synth action, and we've got some of the industry's most ...
08/06/2026
50 popular in-ear monitoring system profiles added
The latest update for IK Multimedia's headphone-correction system has just arrived, and introduces ca...
08/06/2026
Manny Marroquin signature cans upgraded with SLAM Technology
The flagship model in Audeze's Manny Marroquin Signature Series has just been treated to an...
08/06/2026
Air domain supremacy redefined - New counter UAS, space solutions and directiona...
08/06/2026
he BBC and BritBox have announced that Edward Bluemel (We Might Regret This, My ...
08/06/2026
Plus, 20% off TVs ahead of kick-offMonday 8 June 2026
Sky introduces Real Time...
08/06/2026
FOX Secures Live NFL Game Package in Mexico Starting in Fall 2026 Agreement Features Thursday Night Football, Sunday Games Package, Thanksgiving Day Games, al...
08/06/2026
FOX One, FOX Sports and Indeed Name Austin Franklin and Kevin Akoto as FOX One C...
08/06/2026
Meet us on the show floor
Stand #286310 Discover Nara, the media management tool used by major facilities including Harbor and Molinare.
Nara v2 introduces re...
08/06/2026
L'art de l'Image dans Reflet dans un diamant mort' Une conversation avec le directeur de la photographie Manuel Dacosse, SBC et l' talonneur Pe...
08/06/2026
Embracing today's modern media workflows: FilmLight presents Nara 2.0, with FilmLight API Designed to support the growing demands of today's production ...
08/06/2026
Moderated by Andy Minuth, FilmLight's Colour Workflow Specialist
Wednesday 18 February
6:00pm / Doors open
7:00pm / Presentation in German
8:00pm / Drin...
08/06/2026
Join us on April 14 at 10:00am for a technical roundtable with the Filmlight dev...
08/06/2026
You're invited to FLAPI Classroom The fundamentals of coding and machine-assisted development
These sessions will help you build the skills needed to cre...
08/06/2026
With Sylvain Canaux (St Louis, Paris) and J r me Cloutier (MELS, Montreal)
Wednesday 6 May
Pick your time: 1:00PM / 5:00PM
Note: The presentation will be hel...
08/06/2026
FilmLight, 1107 N El Centro Ave, Los Angeles
Doors open at 3:30pm
Join the FilmLight team on June 9th at 4pm to learn how FilmLight products and APIs can stre...
08/06/2026
The Creators List launched to Help Brands Connect With Top Creators In CannesThe curated directory launched by Tubefilter, Comscore, Whalar Group and Gospel Sta...
08/06/2026
Irish YouTube star DavidMC joins Aisling O'Reilly to tackle all things socce...
07/06/2026
Company introduce 21 new protective covers
Decksaver have just announced their Sping 2026 Drop, which sees a total of 21 new models added to their ever-grow...
07/06/2026
Sunday 7 June 2026
Dynamo Vs Houdini comes to Sky later this year
The last time the world saw Dynamo, he buried himself alive. This weekend, he returned.
Mom...
06/06/2026
Check Out Leading Monitor Brands
We'll have monitors of all shapes and sizes at GearExpo UK, so whether you're looking to upgrade or expand your set...
06/06/2026
Two Originals offerings join MPC line-up
Following on from their partnership announcement at NAMM 2026, Spitfire Audio and Akai Pro have announced the relea...
05/06/2026
Built from the same recordings as flagship library
Sonuscore's LUX Orchestral Strings has been met with widespread praise since its launch in late 2025,...
05/06/2026
High-end converter, interface & headphone amp upgraded
Said to represent the next evolution of RME's all-in-one reference converter concept, the all-new...
05/06/2026
Win a Soundgas Type 636P & Type G preamps
Soundgas, one of the UK's leading vintage and boutique audio equipment specialists have just announced the lau...
05/06/2026
New leadership of Technology Systems Division at Rohde & Schwarz On July 1, 2026, Hansj rg Herrbold and Andreas H gele will take over as Executive Vice Presid...
05/06/2026
Hitachi and Intel announced a strategic collaboration to explore opportunities t...
05/06/2026
05 Jun 2026
VEON's Kyivstar to Expand Digital Mobility Ecosystem with Acqui...
05/06/2026
RT Radio 1 Folk Awards to take place on Tuesday 10th November 2026, Vicar Street, Dublin
Moya Brennan, D nal Lunny, Mary Black and Christy Moore among previou...
04/06/2026
Steinberg DAWs now boast in-depth Tonalic integration
Celemony's innovative virtual session musician plug-in has just received an update that brings ARA...
04/06/2026
Get Hands-On With Over 20 Mic Brands
GearExpo UK is fast approaching, and if you've been looking for a chance to check out some new mics, then you'r...
04/06/2026
Combos feature new Amplifier Intelligence engine
Positive Grid's latest release sees the company introduce two new combo amplifiers that promise to offe...
04/06/2026
BackStory follows four Irish young people as they travel back to their parents' homelands
Modern Irish identity is enriched by cultures and influences from...
03/06/2026
Step sequencer-style panning tool revealed
Alongside their flagship self-titled sound-design platform, Sound Particles offer an array of creative effects an...
03/06/2026
Now features full H90 algorithm library
Eventide have announced the upcoming launch of the H9 Harmonizer Gen 2, a new and improved version of their hugely p...
03/06/2026
Significant discount available until 1 October 2026
Aim Audio have just announced a promotion that sees a significant discount applied to their Essence micr...
03/06/2026
Rohde & Schwarz to supply CERTIUM advanced communications system to Memmingen Ai...
03/06/2026
eds3_5_jq(document).ready(function($) { $(#eds_sliderM519).chameleonSlider_2_1({...
03/06/2026
RT confirms multi-channel and free to air coverage of the expanded tournament with enhanced digital features and the return of Total Football for young fans
S...
03/06/2026
03 Jun 2026
VEON to Release 2Q26 Earnings on July 31, 2026 Dubai and New York, June 3, 2026 - VEON Ltd. (Nasdaq: VEON), a global digital operator ( VEON or t...
03/06/2026
RT has today announced Heineken 0.0 as the broadcast sponsor of their FIFA World Cup 2026 coverage.
The sponsorship, brokered by Dentsu, will see Heineken 0....
02/06/2026
Musically intelligent soft synth gets upgraded
Scaler Music will be probably be best known to many for their music theory tools, but their product range al...
02/06/2026
Powerful new vocal-production tool announced
Described as a vocal performance station , Klevgrand's latest plug-in combines pitch-correction with harmo...
02/06/2026
Launched alongside Go Green sale extension
McDSP have just released the latest addition to their APB line-up, DC-2 Dual Compressor, and have also announced ...
02/06/2026
Create custom tools for Ableton Live 12 Suite
Ableton have just introduced a new open JavaScript toolkit that allows anyone to create their own custom tools...
LONDON, UK, Feb 21, 2024 IBM today released the 2024 X-Force Threat Intelligence Index highlighting an emerging global crisis as cybercriminals double down on exploiting user identities to compromise enterprises.
