LONDON, UK, Feb 21, 2024 IBM today released the 2024 X-Force Threat Intelligence Index highlighting an emerging global crisis as cybercriminals double down on exploiting user identities to compromise enterprises.
According to IBM X-Force, IBM Consulting's security services arm, cybercriminals last year generated more opportunities to log in to corporate networks through valid accounts, instead of hacking into them making this tactic a preferred weapon of choice for threat actors.
The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries. In addition, data is gathered and analysed from multiple sources within IBM, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, and data provided from Red Hat Insights and Intezer , which contributed to the 2024 report.
An emerging identity crisis
The report data revealed that exploiting valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the Dark Web.
According to the report, 50% of cyberattacks in the UK involved the exploitation of valid accounts as the initial access vector' and a further 25% of cases involved the exploitation of public-facing applications. Across Europe, X-Force observed a 66% year-on-year rise in attacks caused by the use of valid accounts contributing to Europe's prevalence as the most targeted region of 2023 and the record number of attacks that X-Force has ever reported regionally.
The criminal ecosystem was also quick to adapt to the use of valid accounts by attackers. In 2023, X-Force observed a 266% increase in infostealing malware, which is designed to steal personal and enterprise credentials, personally identifiable information, and banking and crypto wallet information.
This easy entry for attackers is harder to detect, eliciting a costly response from enterprises. According to X-Force, worldwide, major incidents caused by attackers using valid accounts were linked to nearly 200% more complex response measures by security teams than the average incident with defenders needing to distinguish between legitimate and malicious user activity on the network.
In fact, IBM's 2023 Cost of a Data Breach Report found that breaches caused by stolen or compromised credentials required roughly 11 months from detection to recovery the longest response lifecycle among all infection vectors.
Martin Borrett, Technical Director, IBM Security, UK, and Ireland (UKI) commented:
Our findings reveal that identity is increasingly being weaponised against enterprises, exploiting valid accounts and compromising credentials. It also shows us that the biggest security concern for enterprises stems not from novel or cryptic threats, but from well-known and existing ones.
Addressing cybersecurity challenges requires a strategic approach, emphasising the reinforcement of foundational security measures. Streamlining identity management through a unified Identity and Access Management (IAM) provider and strengthening legacy applications with modern security protocols are crucial steps in mitigating risks. Additionally, subjecting your system to rigorous stress tests by skilled offensive security teams proves invaluable in uncovering potential weaknesses. This insight is pivotal for crafting a robust incident response plan that engages all teams, from IT professionals to C-suite executives.
Julian David, CEO of techUK, added:
In an era marked by the growing sophistication of cybercriminals who exploit legitimate accounts to breach business defences, IBM's X-Force Threat Intelligence Index serves as a stark wake-up call.
The report underscores a troubling pattern where half of the cyberattacks in the UK rely on legitimate accounts for initial access, presenting significant challenges to businesses' recovery endeavours. To effectively combat this threat, businesses must adopt a strategic approach, integrating modern security protocols to mitigate risks and strengthen their defences against the ever-evolving landscape of cyber threats.
Further key UK findings include:
Malware made up 30% of security incidents observed in the UK.
Ransomware (30%) and cryptominers (20%) were the top malware types encountered in the country.
The impact of attacks was evenly distributed with extortion, digital currency mining and data leaks each making up 25% of total impacts in the UK.
This marks a shift from 2022, when half the cases X-Force observed in the UK involved extortion (57%) twice the global average followed by data theft (29%).
The professional, business and consumer services industry was the most targeted sector in the UK, representing 39% of cases.
Energy (30%) and finance & insurance (17%) were the second and third most targeted industries in UK, respectively.
Manufacturing was the most targeted industry in Europe, accounting for 28% of cases.
Europe overall experienced the highest percentage of incidents within the energy sector at 43%, as well as finance and insurance at 37%.
Major takeaways from the global report included:
Attacks on critical infrastructure reveal industry faux pas.
Worldwide, an alarming 69.6% of attacks that X-Force responded to were against critical infrastructure organisations, an alarming finding highlighting that cybercriminals are wagering on these high value targets' need for uptime to advance their objectives.
In 84% of attacks on critical sectors globally, compromise could have been mitigated with patching, multi-factor authentication, or least-privilege principals indicating that what the security industry historically described as basic security may be harder to achieve than portrayed.
Exploiting public-facing appl
Europe Stories
11/12/2025
Dalet, a leading provider of cloud-native, end-to-end media workflow solutions, ...
04/12/2025
The ninth series of Dancing with the Stars returns to screens in early
2026 and will be proudly sponsored by Hyundai
Filling our Sunday evenings with glitz an...
03/12/2025
ToolsOnAir Composition Builder 2025 Boilerplate
More Details: The Composition Builder 2025 application for macOS enables TV stations and Live Event broadcast...
03/12/2025
ToolsOnAr just:live pro 2025 Boilerplate
More Details: just:live pro 2025 is a Single Channel Live Production Playout solution for video and static or real-t...
03/12/2025
ToolsOnAr just:play pro 2025 Boilerplate
More Details: just:play pro 2025 is a Single Channel automated 24/7 Master Control playout solution with SD, HD and ...
03/12/2025
ToolsOnAr live:cut 2025 Boilerplate
More Details: live:cut is an option to just:in mac pro 2025 and enables multicamera production workflows for up to 16 cam...
03/12/2025
ToolsOnAir Just In Mac Lite NDI 2025 Boilerplate
More Details: The Just In Mac Lite NDI application is a streamlined media capture solution designed specific...
03/12/2025
ToolsOnAir Just In Mac Lite 2025 Boilerplate
More Details: The Just In Mac Lite application is a streamlined media capture solution designed specifically for...
03/12/2025
ToolsOnAir just:in mac pro 2025 Boilerplate
More Details: just:in mac pro is a macOS-based client-server multichannel capture solution to record SDI, HDMI, N...
03/12/2025
Tracy Bonareri Onchoke, Thomson's Young Journalist of the year 2025 is hoping the accolade will be a springboard to more cross-border collaboration between ...
03/12/2025
For the fourth time, Bad Bunny is the most-streamed Wrapped artist on Spotify gl...
03/12/2025
The wait is over. It's time to look back at the audio that defined your year with 2025 Spotify Wrapped, our annual celebration for fans, artists, creators, ...
03/12/2025
Por cuarta vez, Bad Bunny es el Top Artista Global de Wrapped en Spotify, con 19...
03/12/2025
Spotify Wrapped is back, and as always, it's powered by the billions of streams that fans around the world delivered throughout the year. From the artists w...
03/12/2025
Spotify Wrapped is the moment when hundreds of millions of fans around the world...
03/12/2025
With more than 700 million listeners around the world turning to Spotify to soundtrack their lives, it's time to look back at the audio that defined the yea...
03/12/2025
Con m s de 700 millones de oyentes en todo el mundo usando Spotify para acompa ar su d a a d a, es momento de mirar hacia atr s y ver el audio que marc el a o....
03/12/2025
From page-turning thrillers to inspiring memoirs, audiobooks are becoming a core...
03/12/2025
Com mais de 700 milh es de ouvintes em todo o mundo recorrendo ao Spotify para embalar seu dia a dia, chega o momento de revisitar o udio que marcou o ano. Nos...
03/12/2025
Spotify Wrapped celebrates the audio that defined our year, and the annual globa...
03/12/2025
Wuppertal December 3, 2025
Riedel and Haivision Join Forces to Advance Wireless Video TransmissionRiedel Communications today announced a new partnership with...
03/12/2025
Tell us a little bit about your job I am a Digital Marketing Executive working on Paid Social, PPC, and Organic Social. I joined the team in May 2025 and am enj...
03/12/2025
SAN JOSE, Calif. and VIENNA - Dec. 3, 2025 - Harmonic (NASDAQ: HLIT) and Normann...
03/12/2025
S an Nollaig
Celebrate 2025's top Irish sporting stars with RT Sport Awards live from RT Studios on RT One and RT Player
RT pays tribute to Ror...
02/12/2025
eds3_5_jq(document).ready(function($) { $(#eds_sliderM519).chameleonSlider_2_1({...
02/12/2025
--
The International Electrotechnical Commission (IEC), the International Organization for Standardization (ISO), and the International Telecommunication Unio...
02/12/2025
Harmonic's cOS Platform Will Redefine Subscribers' Quality of Experience, Lowering Churn SAN JOSE, Calif. - Dec. 2, 2025 - Harmonic (NASDAQ: HLIT) today...
02/12/2025
S an Nollaig
Hollywood blockbusters The Banshees of Inisherin, Barbie and Oppenheimer make their Irish TV debut
Tune into the classics such as Love Actual...
02/12/2025
Showcasing fresh Irish storytelling and emerging talent Storyland 2025 signals a fantastic time for Irish drama
RT and F s ireann/Screen Ireland are proud to...
01/12/2025
MANCHESTER, UK - November 2025 - Announced two days before the 30th anniversary of Oasis' debut album, Definitely Maybe, the Oasis Live '25 tour marks t...
01/12/2025
01 Dec 2025
Kyivstar and Ukrainian Ministry of Digital Transformation Select Go...
01/12/2025
The prequel to the global hit Sky Original mob crime saga, Gomorrah' is a s...
01/12/2025
Featuring Florence Welch, Red Hot Chilli Peppers' Flea, designer Bella Freud...
01/12/2025
Fox Corporation Chief Financial Officer Steve Tomsic to Participate in Upcoming ...
01/12/2025
Arvato Systems' Virtual Private Cloud (VPC) Receives BSI C5 Certification (T...
01/12/2025
Summary This short video gives you an summary of the changes in under two minutes.
--...
01/12/2025
As the festive season approaches, RT Supporting the Arts is proud to showcase a...
01/12/2025
Festive specials of Christmas in Kilmainham presented by Marty Whelan, High Road Low Road, Callan Kicks the Year and Keys to My Life
Ring in the New Year with ...
01/12/2025
Architect and television presenter Hugh Wallace, best known to RT audiences as a long-serving judge on Home of the Year, has died at the age of 68.
In a state...
28/11/2025
It's easy to ignore those little red update available badges. But when it ...
28/11/2025
Friday 28 November 2025
Sky Sports x Slawn drop limited-edition football jersey...
28/11/2025
Rohde & Schwarz shows resilience in a challenging environment, revenue exceeds t...
28/11/2025
Unwrapped: The Toy Show Appeal - airing this Sunday on RT One and RT Player- s...
27/11/2025
27 Nov 2025
GSMA brings M360 Eurasia 2026 to Samarkand in partnership with VEON...
27/11/2025
Tahar Rahim and Izuka Hoyle star in the gripping six-part Sky Original from Acad...
27/11/2025
Thursday 27 November 2025
Sky Arts Reveals the Nation's Greatest Basslines - and Queen Reign Supreme
The UK's most iconic basslines have been revealed...
27/11/2025
Rating reflects rating progress across areas including policies, diversity & inclusion, health & safety and Net Zero leadership
Winchester, UK, 27 November 202...
27/11/2025
What are the industry standards for Retail Media? Kathryn explains that certification is based on the IAB Europe Retail Media Measurement Standards and the IAB ...
27/11/2025
World champion boxer and Irish sporting icon Katie Taylor will be in studio this...
LONDON, UK, Feb 21, 2024 IBM today released the 2024 X-Force Threat Intelligence Index highlighting an emerging global crisis as cybercriminals double down on exploiting user identities to compromise enterprises.
