LONDON, UK, Feb 21, 2024 IBM today released the 2024 X-Force Threat Intelligence Index highlighting an emerging global crisis as cybercriminals double down on exploiting user identities to compromise enterprises.
According to IBM X-Force, IBM Consulting's security services arm, cybercriminals last year generated more opportunities to log in to corporate networks through valid accounts, instead of hacking into them making this tactic a preferred weapon of choice for threat actors.
The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries. In addition, data is gathered and analysed from multiple sources within IBM, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, and data provided from Red Hat Insights and Intezer , which contributed to the 2024 report.
An emerging identity crisis
The report data revealed that exploiting valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the Dark Web.
According to the report, 50% of cyberattacks in the UK involved the exploitation of valid accounts as the initial access vector' and a further 25% of cases involved the exploitation of public-facing applications. Across Europe, X-Force observed a 66% year-on-year rise in attacks caused by the use of valid accounts contributing to Europe's prevalence as the most targeted region of 2023 and the record number of attacks that X-Force has ever reported regionally.
The criminal ecosystem was also quick to adapt to the use of valid accounts by attackers. In 2023, X-Force observed a 266% increase in infostealing malware, which is designed to steal personal and enterprise credentials, personally identifiable information, and banking and crypto wallet information.
This easy entry for attackers is harder to detect, eliciting a costly response from enterprises. According to X-Force, worldwide, major incidents caused by attackers using valid accounts were linked to nearly 200% more complex response measures by security teams than the average incident with defenders needing to distinguish between legitimate and malicious user activity on the network.
In fact, IBM's 2023 Cost of a Data Breach Report found that breaches caused by stolen or compromised credentials required roughly 11 months from detection to recovery the longest response lifecycle among all infection vectors.
Martin Borrett, Technical Director, IBM Security, UK, and Ireland (UKI) commented:
Our findings reveal that identity is increasingly being weaponised against enterprises, exploiting valid accounts and compromising credentials. It also shows us that the biggest security concern for enterprises stems not from novel or cryptic threats, but from well-known and existing ones.
Addressing cybersecurity challenges requires a strategic approach, emphasising the reinforcement of foundational security measures. Streamlining identity management through a unified Identity and Access Management (IAM) provider and strengthening legacy applications with modern security protocols are crucial steps in mitigating risks. Additionally, subjecting your system to rigorous stress tests by skilled offensive security teams proves invaluable in uncovering potential weaknesses. This insight is pivotal for crafting a robust incident response plan that engages all teams, from IT professionals to C-suite executives.
Julian David, CEO of techUK, added:
In an era marked by the growing sophistication of cybercriminals who exploit legitimate accounts to breach business defences, IBM's X-Force Threat Intelligence Index serves as a stark wake-up call.
The report underscores a troubling pattern where half of the cyberattacks in the UK rely on legitimate accounts for initial access, presenting significant challenges to businesses' recovery endeavours. To effectively combat this threat, businesses must adopt a strategic approach, integrating modern security protocols to mitigate risks and strengthen their defences against the ever-evolving landscape of cyber threats.
Further key UK findings include:
Malware made up 30% of security incidents observed in the UK.
Ransomware (30%) and cryptominers (20%) were the top malware types encountered in the country.
The impact of attacks was evenly distributed with extortion, digital currency mining and data leaks each making up 25% of total impacts in the UK.
This marks a shift from 2022, when half the cases X-Force observed in the UK involved extortion (57%) twice the global average followed by data theft (29%).
The professional, business and consumer services industry was the most targeted sector in the UK, representing 39% of cases.
Energy (30%) and finance & insurance (17%) were the second and third most targeted industries in UK, respectively.
Manufacturing was the most targeted industry in Europe, accounting for 28% of cases.
Europe overall experienced the highest percentage of incidents within the energy sector at 43%, as well as finance and insurance at 37%.
Major takeaways from the global report included:
Attacks on critical infrastructure reveal industry faux pas.
Worldwide, an alarming 69.6% of attacks that X-Force responded to were against critical infrastructure organisations, an alarming finding highlighting that cybercriminals are wagering on these high value targets' need for uptime to advance their objectives.
In 84% of attacks on critical sectors globally, compromise could have been mitigated with patching, multi-factor authentication, or least-privilege principals indicating that what the security industry historically described as basic security may be harder to achieve than portrayed.
Exploiting public-facing appl
Europe Stories
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
01/06/2026
January 6 2026, 05:30 (PST) Dolby Sets the New Standard for Premium Entertainment at CES 2026
Throughout the week, Dolby brings to life the latest innovatio...
01/05/2026
January 5 2026, 18:30 (PST) NBCUniversal's Peacock to Be First Streamer to ...
01/04/2026
January 4 2026, 18:00 (PST) DOLBY AND DOUYIN EMPOWER THE NEXT GENERATON OF CREATORS WITH DOLBY VISION
Douyin Users Can Now Create And Share Videos With Stun...
23/01/2026
Staines-upon-Thames, UK, 29 July, 2025 - Yospace, the global leader in Dynamic A...
23/01/2026
Spotify's annual Best New Artist celebration honors the rising stars whose talent, creativity, and dedication have propelled them to the music industry'...
23/01/2026
Paramount is transforming its operations by unifying the media supply chains of their top brands into a scalable global pipeline.
This transformation enhances ...
23/01/2026
Every delay costs. When a subtitle fails QC, even the smallest issue can mean missed deadlines, extra vendor costs, or frustrated teams. The new Accurate.Video ...
23/01/2026
Friday 23 January 2026
Sky appoints Lisa Clark as Commissioning Executive for SNL UK
Lisa Clark headshot
PNG (468KB)
Lisa Clark joins Sky as Commissioning E...
23/01/2026
RT is delighted to announce that the RT and F s ireann / Screen Ireland supported short film Retirement Plan has been nominated for Best Animated Short at th...
22/01/2026
Last November, Ed Sheeran returned to his musical roots for an intimate, one-nig...
22/01/2026
Every delay costs. When a subtitle fails QC, even the smallest issue can mean missed deadlines, extra vendor costs, or frustrated teams. The new Accurate.Video ...
22/01/2026
Rohde & Schwarz, Qualcomm, and Motorola demonstrate successful 5G Broadcast comp...
22/01/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
21/01/2026
Wednesday 21 January 2026
Backing Britain on the global stage: Sky becomes an o...
21/01/2026
Fox Corporation Executives to Discuss Second Quarter Fiscal 2026 Financial Resul...
21/01/2026
Baselight v7 brings colourists and post-houses smarter mattes, faster workflows and deeper control
FilmLight, known for its detailed colour toolset and longsta...
21/01/2026
RT News is pleased to announce the appointment of Jackie Fox as its new Washington Correspondent. Jackie is a multimedia journalist with RT News and has repor...
19/01/2026
Monday 19 January 2026
Sky News reinvents News at Ten for the modern audience with The Wrap
Sky News today announces The Wrap, a bold evolution of its 10pm ou...
19/01/2026
DPA Microphones is striking a new chord in piano miking with the debut of its DPK2015 Piano Stereo Kit, an out-of-the-box, plug-and-play miking solution that ta...
19/01/2026
DPA Microphones will present its 4099 CORE Instrument Microphone and redesigned...
19/01/2026
Trianel relies on Arvato Systems for future-proof data center operations
Moving to the cloud: Arvato Systems implements extensive IT migration project
Migrat...
19/01/2026
Celebrating 21 Years of the RT Choice Music Prize
RT Choice Music Prize
In association with IMRO and IRMA
Irish Album of the Year 2025 - Shortlist Announce...
18/01/2026
January 18 2026, 21:30 (PST) Dolby Cinema Arrives in Bengaluru: Dolby Laborator...
16/01/2026
The start of a new year brings fresh possibilities. Whether you're diving in with big goals or simply setting new intentions, audiobooks can bring inspirati...
16/01/2026
In 2025 we launched the Spotify Partner Program to give creators more ways to tu...
15/01/2026
The SGL Carbon site in Bonn has a long tradition of training. For many years, young talent has been successfully trained here, regularly achieving excellent exa...
15/01/2026
The JEC Composites Innovation Awards annually honor the most innovative and ambi...
15/01/2026
X-energy Reactor Company, LLC ( X-energy ) and SGL Carbon LLC ( SGL ) have signed a 10-year framework agreement to provide graphite for the deployment of X-ener...
15/01/2026
RT is tonight announcing that Mari Hurley has decided to leave her role as RT 's Chief Financial Officer to take up a new position outside RT . Mari will r...
15/01/2026
15 Jan 2026
VEON's Kyivstar Reaches 3.0 million Customers with Starlink Dir...
15/01/2026
Views to free streaming service U grew by 15%, average monthly active users by 23% and registrations by 18%
UKTV's channels achieved record viewing share, ...
15/01/2026
Thursday 15 January 2026
Sky Sports to show Final Stage of inaugural FIFA Women's Champions Cup
Sky and FIFA have agreed an exclusive new partnership whi...
15/01/2026
Thursday 15 January 2026
The official trailer for the second season of Seth Mac...
15/01/2026
Wuppertal January 15, 2026
Riedel RefCam Takes Center Court in German Basketba...
15/01/2026
Arvato Systems Named Launch Partner for AWS European Sovereign Cloud
As a launch partner for the AWS European Sovereign Cloud, Arvato Systems enables customer...
14/01/2026
Staines-upon-Thames, UK, 13th January, 2026 - ITV, one of the UK's leading broadcasters, has selected Yospace, the global leader in Dynamic Ad Insertion (DA...
14/01/2026
Steiger Media's adoption of Calrec's compact Argo M console not only makes its innovative new hybrid truck faster, more efficient, and agile, but also e...
14/01/2026
Press Release: The Boston Globe Names Cartesian a Top Place to Work in 2025
January 14, 2026
News
Cartesian - January 14, 2026 - EINPresswire.com - Sp...
14/01/2026
Comscore and Marcus Theatres Announce Five-Year Extension for Cinema ACE and Ent...
14/01/2026
Comscore and Santikos Entertainment Announce Five-Year Circuit Wide Commitment t...
14/01/2026
Wednesday 14 January 2026
Sky News announces Cathy Newman to lead flagship new political programme
Sky News today announces that award-winning journalist and ...
14/01/2026
The first stamp of An Post's 2026 Stamp Programme, marking 100 Years of Broadcasting, was unveiled at the GPO by Patrick O'Donovan TD, Minister for Cult...
14/01/2026
It's official! Beverley Callard has landed in Carrigstown. The beloved actor, known for her unforgettable roles and iconic screen presence, is joining the c...
13/01/2026
Independent media in Brazil and Colombia is facing an urgent crisis of traditional business models alongside a deteriorating security environment, according to ...
13/01/2026
Some days you want your music to reflect a specific feeling, memory, or vibe that goes beyond a single artist or genre. You want to do more than listen. You wan...
13/01/2026
Luxembourg, December 17, 2025 - SES S.A. ( SES or the Company ), a leading spa...
13/01/2026
Written and executive produced by Steve Lightfoot and Angela LaManna, produced b...
13/01/2026
New updates to Hitmaker Expansion from Celemony and Softube Edit pitch-perfect vocals with Melodyne Essential and get radio-ready guitar tones from Softube�...
LONDON, UK, Feb 21, 2024 IBM today released the 2024 X-Force Threat Intelligence Index highlighting an emerging global crisis as cybercriminals double down on exploiting user identities to compromise enterprises.
