LONDON, UK, Feb 21, 2024 IBM today released the 2024 X-Force Threat Intelligence Index highlighting an emerging global crisis as cybercriminals double down on exploiting user identities to compromise enterprises.
According to IBM X-Force, IBM Consulting's security services arm, cybercriminals last year generated more opportunities to log in to corporate networks through valid accounts, instead of hacking into them making this tactic a preferred weapon of choice for threat actors.
The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries. In addition, data is gathered and analysed from multiple sources within IBM, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, and data provided from Red Hat Insights and Intezer , which contributed to the 2024 report.
An emerging identity crisis
The report data revealed that exploiting valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the Dark Web.
According to the report, 50% of cyberattacks in the UK involved the exploitation of valid accounts as the initial access vector' and a further 25% of cases involved the exploitation of public-facing applications. Across Europe, X-Force observed a 66% year-on-year rise in attacks caused by the use of valid accounts contributing to Europe's prevalence as the most targeted region of 2023 and the record number of attacks that X-Force has ever reported regionally.
The criminal ecosystem was also quick to adapt to the use of valid accounts by attackers. In 2023, X-Force observed a 266% increase in infostealing malware, which is designed to steal personal and enterprise credentials, personally identifiable information, and banking and crypto wallet information.
This easy entry for attackers is harder to detect, eliciting a costly response from enterprises. According to X-Force, worldwide, major incidents caused by attackers using valid accounts were linked to nearly 200% more complex response measures by security teams than the average incident with defenders needing to distinguish between legitimate and malicious user activity on the network.
In fact, IBM's 2023 Cost of a Data Breach Report found that breaches caused by stolen or compromised credentials required roughly 11 months from detection to recovery the longest response lifecycle among all infection vectors.
Martin Borrett, Technical Director, IBM Security, UK, and Ireland (UKI) commented:
Our findings reveal that identity is increasingly being weaponised against enterprises, exploiting valid accounts and compromising credentials. It also shows us that the biggest security concern for enterprises stems not from novel or cryptic threats, but from well-known and existing ones.
Addressing cybersecurity challenges requires a strategic approach, emphasising the reinforcement of foundational security measures. Streamlining identity management through a unified Identity and Access Management (IAM) provider and strengthening legacy applications with modern security protocols are crucial steps in mitigating risks. Additionally, subjecting your system to rigorous stress tests by skilled offensive security teams proves invaluable in uncovering potential weaknesses. This insight is pivotal for crafting a robust incident response plan that engages all teams, from IT professionals to C-suite executives.
Julian David, CEO of techUK, added:
In an era marked by the growing sophistication of cybercriminals who exploit legitimate accounts to breach business defences, IBM's X-Force Threat Intelligence Index serves as a stark wake-up call.
The report underscores a troubling pattern where half of the cyberattacks in the UK rely on legitimate accounts for initial access, presenting significant challenges to businesses' recovery endeavours. To effectively combat this threat, businesses must adopt a strategic approach, integrating modern security protocols to mitigate risks and strengthen their defences against the ever-evolving landscape of cyber threats.
Further key UK findings include:
Malware made up 30% of security incidents observed in the UK.
Ransomware (30%) and cryptominers (20%) were the top malware types encountered in the country.
The impact of attacks was evenly distributed with extortion, digital currency mining and data leaks each making up 25% of total impacts in the UK.
This marks a shift from 2022, when half the cases X-Force observed in the UK involved extortion (57%) twice the global average followed by data theft (29%).
The professional, business and consumer services industry was the most targeted sector in the UK, representing 39% of cases.
Energy (30%) and finance & insurance (17%) were the second and third most targeted industries in UK, respectively.
Manufacturing was the most targeted industry in Europe, accounting for 28% of cases.
Europe overall experienced the highest percentage of incidents within the energy sector at 43%, as well as finance and insurance at 37%.
Major takeaways from the global report included:
Attacks on critical infrastructure reveal industry faux pas.
Worldwide, an alarming 69.6% of attacks that X-Force responded to were against critical infrastructure organisations, an alarming finding highlighting that cybercriminals are wagering on these high value targets' need for uptime to advance their objectives.
In 84% of attacks on critical sectors globally, compromise could have been mitigated with patching, multi-factor authentication, or least-privilege principals indicating that what the security industry historically described as basic security may be harder to achieve than portrayed.
Exploiting public-facing appl
Europe Stories
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
04/08/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
04/07/2026
April 7 2026, 19:00 (PDT) Detective Conan: Fallen Angel of the Highway Opens in...
01/06/2026
January 6 2026, 05:30 (PST) Dolby Sets the New Standard for Premium Entertainment at CES 2026
Throughout the week, Dolby brings to life the latest innovatio...
02/05/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
01/05/2026
January 5 2026, 18:30 (PST) NBCUniversal's Peacock to Be First Streamer to ...
15/04/2026
From immersive storytelling to laugh-out-loud comedies, podcasts are booming in ...
15/04/2026
Books have always moved with us, whether tucked in our bags or humming in our he...
15/04/2026
For many artists, independent venues are where music careers begin and fan communities take shape. Independent venue operators work hard every day to keep local...
15/04/2026
From gripping thrillers to poignant memoirs, the 21st century has had no shortage of unforgettable books. To celebrate the standout storytelling of our modern e...
15/04/2026
Vintage broadcast experts release second plug-in
Telsie T is the second plug-in to be released by SonicWorld, a German audio company who specialise in servi...
15/04/2026
Includes eight free UAD plug-ins
Universal Audio's latest bundle brings together a selection of their renowned plug-ins and virtual instruments, and is ...
15/04/2026
Maximum uptime for broadcasters: Rohde & Schwarz launches R&S BroadcastShield at...
15/04/2026
aconnic AG (ISIN: DE000A0LBKW6), Munich, announces the market launch of the ACCE...
15/04/2026
Wednesday 15 April 2026
Introducing Smart Home from Sky, a simple way to stay c...
15/04/2026
Wednesday 15 April 2026
The Burbs confirmed to return to Sky and NOW for a second season
Mystery-comedy series, The Burbs, will continue its exclusive resid...
15/04/2026
With new broadcast standards evolving all over the world and OTT streaming striving for the pole position in media consumption, both next-gen video and audio co...
15/04/2026
Harmonic's XOS Media Processor Delivers Exceptional Video Quality to More th...
15/04/2026
Five Decades of Box Office Intelligence: Comscore Celebrates 50 Years of Movie M...
15/04/2026
Two Cities Television and Keeper Pictures to produce six-part series in association with Screen Ireland for RT and ITV Studios
RT has commissioned Two Citie...
15/04/2026
RT 100
RT unveils The Signal' a specially commissioned 60-second film
...
14/04/2026
ToolsOnAir and Omnistream Bring Mobile SRT Contribution into Professional 24/7 P...
14/04/2026
Captures a trio of renowned polysynths
The latest software to join AIR Music Tech's extensive catalogue captures the sound of three sought-after polysyn...
14/04/2026
Free offering includes 10 powerful plug-ins
United Plugins have announced the launch of a new bundle that brings together 10 of their pro-audio plug-ins, an...
14/04/2026
Julian Coryell joins virtual session player line-up
Announced at NAMM 2026, Celemony's Tonalic kits DAW users out with real performances by world-class ...
14/04/2026
X-Rite Pantone Color Academy Grand Opening in Shanghai
On March 27, 2026, X-Rite Pantone, the global authority in color standards and color science, held the...
14/04/2026
14 Apr 2026
VEON and JazzWorld Receive Competition Commission of Pakistan Appro...
14/04/2026
Tuesday 14 April 2026
Nicola Coughlan and Aimee Lou Wood to host next two episo...
14/04/2026
Lead writer and executive producer Jack Lothian joins alongside lead director Je...
14/04/2026
Wuppertal April 14, 2026
Thomas Riedel Acquires Premium Manufacturer ARRIStrategic Alignment With the Riedel Group for Innovation and Growth
Thomas Riedel, f...
14/04/2026
New Service Simplifies Integration of AI Applications with Exceptional Reliabili...
14/04/2026
Luxembourg, April 14, 2026 - SES, a leading space solutions company, today annou...
13/04/2026
ToolsOnAir Composition Builder 2026 Boilerplate
More Details: The Composition Builder 2026 application for macOS enables TV stations and Live Event broadcast...
13/04/2026
ToolsOnAr just:live pro 2026 Boilerplate
More Details: just:live pro 2026 is a Multi-Channel Live Production Playout solution for video and static or real-ti...
13/04/2026
ToolsOnAr just:play pro 2026 Boilerplate
More Details: just:play pro 2026 is a Multi-Channel automated 24/7 Master Control playout solution with SD, HD and U...
13/04/2026
ToolsOnAr live:cut 2026 Boilerplate
More Details: live:cut is an option to just:in mac pro 2025 and enables multicamera production workflows for up to 16 cam...
13/04/2026
ToolsOnAir Just In Mac Lite NDI 2026 Boilerplate
More Details: The Just In Mac Lite NDI application is a streamlined media capture solution designed specific...
13/04/2026
ToolsOnAir Just In Mac Lite 2026 Boilerplate
More Details: The Just In Mac Lite application is a streamlined media capture solution designed specifically for...
13/04/2026
ToolsOnAir just:in mac pro 2026 Boilerplate
More Details: just:in mac pro is a macOS-based client-server multichannel capture solution to record SDI, HDMI, N...
13/04/2026
Intuitive EQ plug-in gets an upgrade
Following its official launch back in February 2026, Musik Hack's intuitive EQ plug-in has been treated to its firs...
13/04/2026
Flagship soft synth collection expanded
The latest version of UVI's flagship vintage-inspired soft synth collection has just arrived, expanding the suit...
13/04/2026
Free version of innovative string library arrives
Released in October 2025, Lux Orchestral Strings was said to be Sonuscore's most ambitious library to ...
13/04/2026
The Girls' Research Camp is part of the Technology - Future in Bavaria edu...
13/04/2026
Rohde & Schwarz transforms submarine communications for real time underwater dom...
13/04/2026
Rohde & Schwarz enables Pulsar signal simulation to support next-generation navi...
13/04/2026
The search for Ireland's newest country music star is live on Friday 17 Apri...
13/04/2026
Monday 13 April 2026
Global environmental action NGO WRAP brings recycling to l...
13/04/2026
J nger Audio has joined the EBU ADM Implementers Group (ADM-IG) as a founding me...
13/04/2026
FOX Latin America Announces The Launch Of The FOX Channel In Central America And...
LONDON, UK, Feb 21, 2024 IBM today released the 2024 X-Force Threat Intelligence Index highlighting an emerging global crisis as cybercriminals double down on exploiting user identities to compromise enterprises.
