
LONDON, UK, Feb 21, 2024 IBM today released the 2024 X-Force Threat Intelligence Index highlighting an emerging global crisis as cybercriminals double down on exploiting user identities to compromise enterprises.
According to IBM X-Force, IBM Consulting's security services arm, cybercriminals last year generated more opportunities to log in to corporate networks through valid accounts, instead of hacking into them making this tactic a preferred weapon of choice for threat actors.
The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries. In addition, data is gathered and analysed from multiple sources within IBM, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, and data provided from Red Hat Insights and Intezer , which contributed to the 2024 report.
An emerging identity crisis
The report data revealed that exploiting valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the Dark Web.
According to the report, 50% of cyberattacks in the UK involved the exploitation of valid accounts as the initial access vector' and a further 25% of cases involved the exploitation of public-facing applications. Across Europe, X-Force observed a 66% year-on-year rise in attacks caused by the use of valid accounts contributing to Europe's prevalence as the most targeted region of 2023 and the record number of attacks that X-Force has ever reported regionally.
The criminal ecosystem was also quick to adapt to the use of valid accounts by attackers. In 2023, X-Force observed a 266% increase in infostealing malware, which is designed to steal personal and enterprise credentials, personally identifiable information, and banking and crypto wallet information.
This easy entry for attackers is harder to detect, eliciting a costly response from enterprises. According to X-Force, worldwide, major incidents caused by attackers using valid accounts were linked to nearly 200% more complex response measures by security teams than the average incident with defenders needing to distinguish between legitimate and malicious user activity on the network.
In fact, IBM's 2023 Cost of a Data Breach Report found that breaches caused by stolen or compromised credentials required roughly 11 months from detection to recovery the longest response lifecycle among all infection vectors.
Martin Borrett, Technical Director, IBM Security, UK, and Ireland (UKI) commented:
Our findings reveal that identity is increasingly being weaponised against enterprises, exploiting valid accounts and compromising credentials. It also shows us that the biggest security concern for enterprises stems not from novel or cryptic threats, but from well-known and existing ones.
Addressing cybersecurity challenges requires a strategic approach, emphasising the reinforcement of foundational security measures. Streamlining identity management through a unified Identity and Access Management (IAM) provider and strengthening legacy applications with modern security protocols are crucial steps in mitigating risks. Additionally, subjecting your system to rigorous stress tests by skilled offensive security teams proves invaluable in uncovering potential weaknesses. This insight is pivotal for crafting a robust incident response plan that engages all teams, from IT professionals to C-suite executives.
Julian David, CEO of techUK, added:
In an era marked by the growing sophistication of cybercriminals who exploit legitimate accounts to breach business defences, IBM's X-Force Threat Intelligence Index serves as a stark wake-up call.
The report underscores a troubling pattern where half of the cyberattacks in the UK rely on legitimate accounts for initial access, presenting significant challenges to businesses' recovery endeavours. To effectively combat this threat, businesses must adopt a strategic approach, integrating modern security protocols to mitigate risks and strengthen their defences against the ever-evolving landscape of cyber threats.
Further key UK findings include:
Malware made up 30% of security incidents observed in the UK.
Ransomware (30%) and cryptominers (20%) were the top malware types encountered in the country.
The impact of attacks was evenly distributed with extortion, digital currency mining and data leaks each making up 25% of total impacts in the UK.
This marks a shift from 2022, when half the cases X-Force observed in the UK involved extortion (57%) twice the global average followed by data theft (29%).
The professional, business and consumer services industry was the most targeted sector in the UK, representing 39% of cases.
Energy (30%) and finance & insurance (17%) were the second and third most targeted industries in UK, respectively.
Manufacturing was the most targeted industry in Europe, accounting for 28% of cases.
Europe overall experienced the highest percentage of incidents within the energy sector at 43%, as well as finance and insurance at 37%.
Major takeaways from the global report included:
Attacks on critical infrastructure reveal industry faux pas.
Worldwide, an alarming 69.6% of attacks that X-Force responded to were against critical infrastructure organisations, an alarming finding highlighting that cybercriminals are wagering on these high value targets' need for uptime to advance their objectives.
In 84% of attacks on critical sectors globally, compromise could have been mitigated with patching, multi-factor authentication, or least-privilege principals indicating that what the security industry historically described as basic security may be harder to achieve than portrayed.
Exploiting public-facing appl
Europe Stories
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
07/10/2026
Dalet, a leading technology and service provider for media-rich organizations, today announced the latest Long-Term Supported (LTS) release of Dalet Flex. Build...
06/09/2026
June 9 2026, 23:00 (PDT) Dolby and MagentaTV Bring Fans Closer to the FIFA Worl...
04/08/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
17/07/2026
From intimate acoustic settings to large-scale festival stages, her focus has remained constant: preserving the true natural voice of the violin in every perfor...
17/07/2026
New and returning series, live festival broadcasts, powerful documentaries and major sporting moments headline RT Radio 1's summer schedule
RT Radio 1 is...
17/07/2026
Up For The Match - Live From Croke Park this Saturday at 8pm on RT One and RT ...
17/07/2026
RT Commercial has today announced DiscoverIreland.ie, as sponsor of The Traitor...
16/07/2026
Media organisations with tested plans for new products, services or revenue models can now apply for grants of up to 30,000 through the Business Innovation Syn...
16/07/2026
A new benchmark in bass enhancement
Described as a new benchmark in bass enhancement , Baby Audio's latest release has been designed to augment the lo...
16/07/2026
Popular library rebuilt in new Orbita Engine
Other Worlds Evolved is the latest of Zero G's sample libraries to be treated to a ground-up rebuild using ...
16/07/2026
Created in collaboration with A. G. Cook
The newest addition to Native Instruments' software collection introduces a new synth created by A. G. Cook, a ...
16/07/2026
Rohde & Schwarz supplies conformance test systems to Marquistech for India's...
16/07/2026
San Jose, CA - July 16, 2026 - Harmonic (NASDAQ: HLIT) today announced a $25,000...
16/07/2026
Modern broadcast facilities are no longer confined to a single control room. Production teams are spread across multiple workstations, machine rooms, studios, c...
16/07/2026
Fox Corporation Executives to Discuss Fourth Quarter and Full Fiscal Year 2026 F...
16/07/2026
More interfaces now compatible with Focusrite Control 2 Your Focusrite interface might now be compatible with a public beta support of Focusrite Control 2. If...
16/07/2026
Together the semi-finals had a combined reach of 1.98 million unique individuals...
15/07/2026
Launched alongside new FreqSoft installer
Designed to bridge the gap between hardware and software, Freqport's FreqInOut FO1 unit provides a simple way ...
15/07/2026
Save up to 55% on software until 23 July 2026
Expressive E have just launched their Summer Offer sale, with discounts of up to 55% now applied across their ...
15/07/2026
Real-time stem-separation tool updated
zplane have recently released a new and improved version of their real-time stem-separation plug-in which they say ma...
15/07/2026
A new benchmark in bass enhancement
Described as a new benchmark in bass enhancement , Baby Audio's latest release has been designed to augment the lo...
15/07/2026
DMC Production's AR 1 and AR 2 units reverse the conventional OB workflow, keeping all production-critical processing at the venue while operators work remo...
15/07/2026
Wednesday 15 July 2026
Screeners and press pack now available: Gomorrah: The Or...
15/07/2026
Trinity's Treasures features Ruth Negga, Eleanor McEvoy, and David Norris, a...
15/07/2026
Join geographer Dr Susan Hegarty, Engineer Tim Joyce and Architect Orla Murphy a...
14/07/2026
Plug-ins for heavy music
Avalanche Tones is the brainchild of Ava Toton, a 17-year-old musician and developer who says her goal is to make the lives of gui...
14/07/2026
Launched alongside new Singer Showcase purchase model
IK Multimedia's innovative vocal-synthesis software has just gained its latest voice add-on, the R...
14/07/2026
Registration open until 1 September 2026
The MIDI Association have revealed that the registration deadline for this year's MIDI Innovation Awards has no...
14/07/2026
88-note model completes MK4 range
Novation have just introduced the final model in their flagship MIDI controller keyboard range, the Launchkey MK4 88. Roun...
14/07/2026
Tuesday 14 July 2026
First look revealed for Friday the 13th prequel, Crystal ...
14/07/2026
When immersive audio dominates industry headlines, it's easy to assume that every broadcaster is preparing for an Atmos future. The reality is quite differ...
14/07/2026
Emma and Sophie from ICG's marketing team joined thousands of fellow marketers, brands and agencies at MAD//Fest London 2026, one of the UK's biggest ma...
14/07/2026
Pilot Project Shows How Retailers Are Prepared for the Next Step in the Evolution of Digital Commerce
Arvato Systems Drives Agentic Commerce Forward
G terslo...
14/07/2026
As part of this commitment, weve joined the SME Climate Hub, publicly pledging to:
measure our greenhouse gas emissions
reduce them in line with a net zero p...
13/07/2026
Adds new intelligent Mix Assistant feature
With their product range now featuring numerous processors across two distinct line-ups, the M-Series and T-Serie...
13/07/2026
Plug-ins for heavy music
Avalanche Tones is the brainchild of Ava Toton, a 17-year-old musician and developer who says her goal is to make the lives of gui...
13/07/2026
Popular sustain effect overhauled
Latvia-based innovators Gamechanger Audio have just launched a new and improved version of their popular sustainer unit. B...
13/07/2026
Celebrating Two Decades of ICG and League Football Education This year marks 20 years of working with League Football Education (LFE) the charity responsible ...
13/07/2026
Silver for Arvato Systems at the 2026 Service Provider Award
Award in the AI as a Service Provider category recognizes AI expertise and innovative strength
...
13/07/2026
RT News is pleased to announce the appointment of Joe Mag Raollaigh as the new Managing Editor of Nuacht, the Irish Language News and Current Affairs service a...
12/07/2026
Offers six-channels and built-in effects
Korg's latest release introduces a new analogue mixer that's been designed to act as a hub for live electro...
11/07/2026
Promises a vividness and depth rarely found in software
Switzerland-based Handcrafted Audio's latest creation is an interesting hybrid instrument that...
10/07/2026
Discounted rates available through 27 August 2026
The Audio Engineering Society (AES) have announced that Early Bird registration is now open for the AES Sh...
10/07/2026
New in-ear monitors to launch in August 2026
Sony have announced the upcoming launch of a new pair of in-ear monitors that promise to deliver a secure, stab...
10/07/2026
New RT documentary explores Irish-led efforts to build bridges in divided Cyprus
More than a Game: From D1 to Pyla airs Monday 13 July
More Than a Game: Fro...
09/07/2026
Latest analogue-emulation plug-ins revealed
Universal Audio have just added two new analogue-emulation plug-ins to their DSP-powered UAD line-up. Developed ...
09/07/2026
Limited-edition mic celebrates rock icon
Neumann have partnered with the Bon Scott Estate to create a limited-edition version of the U 47 FET that honours b...
09/07/2026
Handles organisation, updates, troubleshooting & more
Created by pro-audio software developer Julian Worden, Plugin Station from Julian Michael Technologies...
09/07/2026
Introduces new $1 million advance programme
LANDR have just announced the next phase of their Fair Trade AI programme, a pioneering opt-in music-licensing p...