LONDON, UK, Feb 21, 2024 IBM today released the 2024 X-Force Threat Intelligence Index highlighting an emerging global crisis as cybercriminals double down on exploiting user identities to compromise enterprises.
According to IBM X-Force, IBM Consulting's security services arm, cybercriminals last year generated more opportunities to log in to corporate networks through valid accounts, instead of hacking into them making this tactic a preferred weapon of choice for threat actors.
The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries. In addition, data is gathered and analysed from multiple sources within IBM, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, and data provided from Red Hat Insights and Intezer , which contributed to the 2024 report.
An emerging identity crisis
The report data revealed that exploiting valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the Dark Web.
According to the report, 50% of cyberattacks in the UK involved the exploitation of valid accounts as the initial access vector' and a further 25% of cases involved the exploitation of public-facing applications. Across Europe, X-Force observed a 66% year-on-year rise in attacks caused by the use of valid accounts contributing to Europe's prevalence as the most targeted region of 2023 and the record number of attacks that X-Force has ever reported regionally.
The criminal ecosystem was also quick to adapt to the use of valid accounts by attackers. In 2023, X-Force observed a 266% increase in infostealing malware, which is designed to steal personal and enterprise credentials, personally identifiable information, and banking and crypto wallet information.
This easy entry for attackers is harder to detect, eliciting a costly response from enterprises. According to X-Force, worldwide, major incidents caused by attackers using valid accounts were linked to nearly 200% more complex response measures by security teams than the average incident with defenders needing to distinguish between legitimate and malicious user activity on the network.
In fact, IBM's 2023 Cost of a Data Breach Report found that breaches caused by stolen or compromised credentials required roughly 11 months from detection to recovery the longest response lifecycle among all infection vectors.
Martin Borrett, Technical Director, IBM Security, UK, and Ireland (UKI) commented:
Our findings reveal that identity is increasingly being weaponised against enterprises, exploiting valid accounts and compromising credentials. It also shows us that the biggest security concern for enterprises stems not from novel or cryptic threats, but from well-known and existing ones.
Addressing cybersecurity challenges requires a strategic approach, emphasising the reinforcement of foundational security measures. Streamlining identity management through a unified Identity and Access Management (IAM) provider and strengthening legacy applications with modern security protocols are crucial steps in mitigating risks. Additionally, subjecting your system to rigorous stress tests by skilled offensive security teams proves invaluable in uncovering potential weaknesses. This insight is pivotal for crafting a robust incident response plan that engages all teams, from IT professionals to C-suite executives.
Julian David, CEO of techUK, added:
In an era marked by the growing sophistication of cybercriminals who exploit legitimate accounts to breach business defences, IBM's X-Force Threat Intelligence Index serves as a stark wake-up call.
The report underscores a troubling pattern where half of the cyberattacks in the UK rely on legitimate accounts for initial access, presenting significant challenges to businesses' recovery endeavours. To effectively combat this threat, businesses must adopt a strategic approach, integrating modern security protocols to mitigate risks and strengthen their defences against the ever-evolving landscape of cyber threats.
Further key UK findings include:
Malware made up 30% of security incidents observed in the UK.
Ransomware (30%) and cryptominers (20%) were the top malware types encountered in the country.
The impact of attacks was evenly distributed with extortion, digital currency mining and data leaks each making up 25% of total impacts in the UK.
This marks a shift from 2022, when half the cases X-Force observed in the UK involved extortion (57%) twice the global average followed by data theft (29%).
The professional, business and consumer services industry was the most targeted sector in the UK, representing 39% of cases.
Energy (30%) and finance & insurance (17%) were the second and third most targeted industries in UK, respectively.
Manufacturing was the most targeted industry in Europe, accounting for 28% of cases.
Europe overall experienced the highest percentage of incidents within the energy sector at 43%, as well as finance and insurance at 37%.
Major takeaways from the global report included:
Attacks on critical infrastructure reveal industry faux pas.
Worldwide, an alarming 69.6% of attacks that X-Force responded to were against critical infrastructure organisations, an alarming finding highlighting that cybercriminals are wagering on these high value targets' need for uptime to advance their objectives.
In 84% of attacks on critical sectors globally, compromise could have been mitigated with patching, multi-factor authentication, or least-privilege principals indicating that what the security industry historically described as basic security may be harder to achieve than portrayed.
Exploiting public-facing appl
Europe Stories
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
04/08/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
04/07/2026
April 7 2026, 19:00 (PDT) Detective Conan: Fallen Angel of the Highway Opens in...
01/06/2026
January 6 2026, 05:30 (PST) Dolby Sets the New Standard for Premium Entertainment at CES 2026
Throughout the week, Dolby brings to life the latest innovatio...
06/05/2026
New pricing tiers for vocal/dialogue restoration tool
NoiseWorks Audio's AI-powered vocal and dialogue processing plug-in is now available in three diff...
06/05/2026
Popular mixing & routing software overhauled
Following a recent public beta test, RME have launched the final release version of the powerful mixing and rou...
06/05/2026
New SOS Video Feature
Focusrites ISA C8X is a milestone product that brings together the companys analogue heritage and their expertise in digital audio. Yo...
06/05/2026
06 May 2026
VEON's Kyivstar Authorized to Resell Starlink for Businesses & ...
06/05/2026
UKTV has secured the exclusive rights to the early back catalogue of iconic Australian drama series Neighbours, following a landmark content deal with Fremantle...
06/05/2026
Wednesday 6 May 2026
Sky commissions feature documentary to mark 10th anniversa...
06/05/2026
Wednesday 6 May 2026
Sky and Formula 1 agree long-term partnership across UK, Ireland and Italy
Sky in the UK & Ireland to remain the home of Formula 1 until ...
06/05/2026
Sky Zero Footprint Fund-backed TV campaign launches nationwide, supported by new...
06/05/2026
Wuppertal May 6, 2026
Riedel Expands Leadership Structure, Appoints Marc Engro...
06/05/2026
SAN JOSE, Calif. - May 6, 2026 - Harmonic (NASDAQ: HLIT) today announced its latest broadband innovations for ANGA COM 2026, highlighting its vision for a new e...
06/05/2026
Statement from Rupert Murdoch, Chairman Emeritus, Fox Corporation on Ted Turner&...
06/05/2026
Friday 8 May on RT One and RT Player
Meet the NSPCA team caring for and protecting animals in need in this six-part series
Fly on the wall, six-part series...
05/05/2026
Experts from the world of academia, tech, business, politics and media convened for a Thomson Talks at the Cambridge Disinformation Summit in April. It's th...
05/05/2026
Another year, and more proof that Asia continues to shape some of the world's most exciting new sounds. This year's RADAR artists draw from deep local r...
05/05/2026
The Austin City Limits Music Fest 2026 lineup just dropped, and this year, Spoti...
05/05/2026
New drum machine book campaign incoming
Bjooks have announced that during Superbooth 2026, they will be launching a Kickstarter campaign to fund the product...
05/05/2026
Flagship all-in-one production bundle updated
The latest version of Native Instruments' flagship virtual instrument and plug-in bundle has just been ann...
05/05/2026
Rohde & Schwarz to host RF Testing Innovations Forum 2026, helping design engine...
05/05/2026
The company grew by 7.6% in net revenue and 16.3% in EBITDA, achieving a 33% inc...
05/05/2026
FOX Sports, FOX One and Indeed Launch Nationwide Search for FOX One Chief World...
04/05/2026
just:play pro 2026 and just:live pro 2026 are available to download!
More Details:At NAB 2026, ToolsOnAir showcased just:play pro 2026 and just:live pro 2026, ...
04/05/2026
just:in mac pro 2026 - The Next Level of Professional Recording on macOS
More Details:The headline innovation in just:in mac pro 2026 is the new Auto format si...
04/05/2026
Last week, guests gathered in New York City for On Air, In Style: An Evening with Spotify-a night of conversation, culture, and connection celebrating the inter...
04/05/2026
New music & post-production features added
Avid's latest DAW update delivers an array of helpful features aimed at both music and post-production users,...
03/05/2026
Polysynth now features Mutable Instruments' macro oscillators
Melbourne Instruments have just released a free firmware update that brings the engine beh...
02/05/2026
Versatile re-amping tool announced
Warm Audio are best known for their recreations of sought-after vintage studio gear, but their latest release brings a ne...
02/05/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
01/05/2026
Florals for spring? Groundbreaking. But a playlist that tells you which The Devi...
01/05/2026
One of the world's biggest popstars is headed to El Cl sico. Later this mont...
01/05/2026
Limited-edition model celebrates 15th anniversary
Heritage Audio's range of monitor controllers has just gained a new member, the Baby RAM Black Edition...
01/05/2026
Dumble recreation now available as UAD plug-in
Along with their renowned processing plug-ins, Universal Audio have been steadily introducing emulations of c...
01/05/2026
We were lucky enough to benefit from huge generosity, so we now have a fantastic Quantum 338T and are developing a cutting-edge d&b loudspeaker system, he expa...
01/05/2026
The first Quantum console purchase made by the company was a Quantum 338 in September 2020. Since then, the company has leveraged Quantum power to steadily expa...
01/05/2026
Friday 1 May 2026
Hannah Waddingham and Ncuti Gatwa to host the series final tw...
01/05/2026
Friday 1 May 2026
Got plans? Cancel them. Sky Sports Big Weekend is coming
Sky Sports is preparing for a bumper weekend of live action, including Manchester ...
01/05/2026
Friday 1 May 2026
Sky Sports to broadcast all matches from World Sevens Football London edition
Sky Sports will be the exclusive UK broadcaster of the women&#...
01/05/2026
RT Sport awarded first pick free-to-air on Wednesday nights
Champions League and Super Cup finals
Highlights on Wednesday nights
RT today (Thursday 30 Apri...
01/05/2026
January 5 2026, 18:30 (PST) NBCUniversal's Peacock to Be First Streamer to ...
30/04/2026
Music is evolving, and so are the ways you discover and connect with artists. In...
30/04/2026
Between April 22-29, the first inaugural Stockholm Music Week brought together thought leaders and partners across industries including music, tech, government,...
30/04/2026
Iconic large-format console upgraded
API's iconic Vision console has just been treated to an overhaul that aims to meet the demands of today's profe...
30/04/2026
Comes complete with miking accessories
The LCT 440 Pure has proven to be a popular member of Lewitt's mic line-up, offering impressive technical perform...
30/04/2026
24 October 2026 at The Octagon, Sheffield
Now in its eighth year, SynthFest UK is the largest event of its kind in the UK, bringing together the top keyboar...
30/04/2026
Rohde & Schwarz equips new Terminal 3 at Frankfurt Airport with security scanner...
30/04/2026
Rohde & Schwarz expands broadband amplifier portfolio with new power classes up ...
LONDON, UK, Feb 21, 2024 IBM today released the 2024 X-Force Threat Intelligence Index highlighting an emerging global crisis as cybercriminals double down on exploiting user identities to compromise enterprises.
