LONDON, UK, Feb 21, 2024 IBM today released the 2024 X-Force Threat Intelligence Index highlighting an emerging global crisis as cybercriminals double down on exploiting user identities to compromise enterprises.
According to IBM X-Force, IBM Consulting's security services arm, cybercriminals last year generated more opportunities to log in to corporate networks through valid accounts, instead of hacking into them making this tactic a preferred weapon of choice for threat actors.
The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries. In addition, data is gathered and analysed from multiple sources within IBM, including IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, and data provided from Red Hat Insights and Intezer , which contributed to the 2024 report.
An emerging identity crisis
The report data revealed that exploiting valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the Dark Web.
According to the report, 50% of cyberattacks in the UK involved the exploitation of valid accounts as the initial access vector' and a further 25% of cases involved the exploitation of public-facing applications. Across Europe, X-Force observed a 66% year-on-year rise in attacks caused by the use of valid accounts contributing to Europe's prevalence as the most targeted region of 2023 and the record number of attacks that X-Force has ever reported regionally.
The criminal ecosystem was also quick to adapt to the use of valid accounts by attackers. In 2023, X-Force observed a 266% increase in infostealing malware, which is designed to steal personal and enterprise credentials, personally identifiable information, and banking and crypto wallet information.
This easy entry for attackers is harder to detect, eliciting a costly response from enterprises. According to X-Force, worldwide, major incidents caused by attackers using valid accounts were linked to nearly 200% more complex response measures by security teams than the average incident with defenders needing to distinguish between legitimate and malicious user activity on the network.
In fact, IBM's 2023 Cost of a Data Breach Report found that breaches caused by stolen or compromised credentials required roughly 11 months from detection to recovery the longest response lifecycle among all infection vectors.
Martin Borrett, Technical Director, IBM Security, UK, and Ireland (UKI) commented:
Our findings reveal that identity is increasingly being weaponised against enterprises, exploiting valid accounts and compromising credentials. It also shows us that the biggest security concern for enterprises stems not from novel or cryptic threats, but from well-known and existing ones.
Addressing cybersecurity challenges requires a strategic approach, emphasising the reinforcement of foundational security measures. Streamlining identity management through a unified Identity and Access Management (IAM) provider and strengthening legacy applications with modern security protocols are crucial steps in mitigating risks. Additionally, subjecting your system to rigorous stress tests by skilled offensive security teams proves invaluable in uncovering potential weaknesses. This insight is pivotal for crafting a robust incident response plan that engages all teams, from IT professionals to C-suite executives.
Julian David, CEO of techUK, added:
In an era marked by the growing sophistication of cybercriminals who exploit legitimate accounts to breach business defences, IBM's X-Force Threat Intelligence Index serves as a stark wake-up call.
The report underscores a troubling pattern where half of the cyberattacks in the UK rely on legitimate accounts for initial access, presenting significant challenges to businesses' recovery endeavours. To effectively combat this threat, businesses must adopt a strategic approach, integrating modern security protocols to mitigate risks and strengthen their defences against the ever-evolving landscape of cyber threats.
Further key UK findings include:
Malware made up 30% of security incidents observed in the UK.
Ransomware (30%) and cryptominers (20%) were the top malware types encountered in the country.
The impact of attacks was evenly distributed with extortion, digital currency mining and data leaks each making up 25% of total impacts in the UK.
This marks a shift from 2022, when half the cases X-Force observed in the UK involved extortion (57%) twice the global average followed by data theft (29%).
The professional, business and consumer services industry was the most targeted sector in the UK, representing 39% of cases.
Energy (30%) and finance & insurance (17%) were the second and third most targeted industries in UK, respectively.
Manufacturing was the most targeted industry in Europe, accounting for 28% of cases.
Europe overall experienced the highest percentage of incidents within the energy sector at 43%, as well as finance and insurance at 37%.
Major takeaways from the global report included:
Attacks on critical infrastructure reveal industry faux pas.
Worldwide, an alarming 69.6% of attacks that X-Force responded to were against critical infrastructure organisations, an alarming finding highlighting that cybercriminals are wagering on these high value targets' need for uptime to advance their objectives.
In 84% of attacks on critical sectors globally, compromise could have been mitigated with patching, multi-factor authentication, or least-privilege principals indicating that what the security industry historically described as basic security may be harder to achieve than portrayed.
Exploiting public-facing appl
More from IBM
06/02/2025
Oxford, U.K., 6 February 2025 New research from Oxford Economics, published to...
16/01/2025
LONDON, U.K., January 16, 2025 - IBM (NYSE: IBM) today announced its intent to a...
15/01/2025
London, 15 January, 2025 Frontline emergency services will benefit from a new communications network that will modernise how they work together, as the govern...
06/01/2025
London, 6 January 2025 IBM today announced that Leon Butler has been named General Manager, IBM in the UK and Ireland. He succeeds Dr Nicola Hodson, who will ...
09/12/2024
LONDON, UK, 9 Dec, 2024: IBM (NYSE: IBM) has unveiled breakthrough research in optics technology that could dramatically improve how data centers train and run ...
05/11/2024
ording to observations in the 2024 IBM X-Force Threat
Intelligence Index.
The...
04/11/2024
Dublin and London, 4 November, 2024 IBM today announced that Nathan Cullen has been appointed Country General Manager and Technology Leader, IBM Ireland. He s...
13/08/2024
LONDON, August 13, 2024 /PRNewswire/ -- Two IBM-developed algorithms (NYSE: IBM)...
30/07/2024
LONDON, UK, 30 July, 2024 -- IBM (NYSE: IBM) today released its annual Cost of a Data Breach Report revealing the average cost of a data breach in the UK reache...
09/07/2024
IBM announced it has acquired SiXworks Limited (Ltd.), a UK-based consultancy serving the UK defence sector and specialising in digital transformation in highly...
17/06/2024
LONDON, June 17, 2024 /PRNewswire/ -- IBM (NYSE: IBM) and The All England Lawn T...
29/05/2024
LONDON, UK, 29 May 2024 A new study by the IBM (NYSE: IBM) Institute for Busin...
23/05/2024
IBM Security's Martin Borrett shares his thoughts on how cybersecurity will be impacted in the age of generative AI. Please see the full article here in AI ...
12/05/2024
IBM UK & Ireland Chief Executive, Dr Nicola Hodson, recently sat down with Daily...
30/04/2024
Dr. Nicola Hodson, Chief Executive, IBM UK & Ireland introduces the UK findings of an IBM study on female leadership in the age of AI
Advances in Artificial In...
25/04/2024
LONDON, UK, April 25, 2024 IBM (NYSE: IBM) today announced new storage capabilities that give clients choice and control in the data center to maximise perfor...
05/04/2024
Madrid, Spain April 5, 2024 The President of the Government, Pedro S nchez, ...
26/03/2024
London, UK, March 26, 2024 Today, IBM (NYSE: IBM) announced the EMEA geography winners of the 2024 IBM Partner Plus Awards, which celebrate IBM partners who a...
21/02/2024
LONDON, UK, Feb 21, 2024 IBM today released the 2024 X-Force Threat Intelligen...
06/02/2024
LONDON, U.K., February 6, 2024 IBM (NYSE: IBM) today announced IBM LinuxONE 4 ...
18/01/2024
Today, IBM is announcing that it has signed a definitive agreement to acquire application modernization capabilities from Advanced, bringing a combination of ta...
10/01/2024
LONDON and ARMONK, N.Y., January 10, 2024 New research commissioned by IBM (NYSE: IBM) found that more than a third of UK organisations with over 1,000 employ...
13/12/2023
LONDON, UK, December 13, 2023 - Today, IBM (NYSE: IBM) signed a contract with the NATO Communications and Information Agency (NCI Agency) to help strengthen the...
05/12/2023
LONDON, UK, 5 December, 2023 Amazon Web Services, Inc. (AWS), an Amazon.com co...
30/11/2023
LONDON, UK, Nov 30, 2023 IBM (NYSE: IBM) today announced new efforts that apply its geospatial AI technologies, including IBM's geospatial foundation mode...
22/11/2023
DUBLIN, 22 November, 2023 - To help close the global artificial intelligence (AI...
08/11/2023
Wednesday 8 November, London: Today, IBM launched its new report Leadership in ...
27/10/2023
Arvind Krishna, Chairman and CEO of IBM, met recently with one of the UK's leading business editors in New York for a major profile interview.
The Sunday T...
18/10/2023
LONDON, UK, October 18, 2023: IBM (NYSE: IBM) today announced an expansion of it...
13/09/2023
LONDON, UK, September 13, 2023 IBM (NYSE: IBM) today announced its role as an Associate Pathway Partner of the 2023 United Nations Climate Change Conference (...
17/08/2023
LONDON, UK, August 17, 2023 - Today, IBM (NYSE: IBM) is expanding its collaborat...
14/08/2023
LONDON, UK, August 14, 2023 - Executives in the UK estimate that 41% of their wo...
24/07/2023
LONDON, UK. 24 July 2023 IBM Security today released its annual Cost of a Data Breach Report,1 which revealed that UK organisations pay an average of £3.4m fo...
20/07/2023
The Crown Commercial Service (CCS) has announced a new 3-year Memorandum of Unde...
18/07/2023
LONDON, UK; July 18, 2023London, UK; July 18, 2023 - IBM (NYSE:IBM) today announ...
27/06/2023
LONDON, UK, June 27, 2023 A new study by the IBM (NYSE: IBM) Institute for Bus...
21/06/2023
LONDON, U.K. and ARMONK N.Y., June 21, 2023 IBM (NYSE: IBM) and The All Englan...
19/05/2023
IBM Consulting has been selected to revolutionise Diageo's IT environment by...
23/04/2023
You may have seen recent media coverage relating to the Confederation of British Industry (CBI), the largest business association in the UK.
IBM agrees with th...
17/04/2023
LONDON, UK, April 17, 2023 - A new global IBM (NYSE: IBM) Institute for Business...
03/04/2023
IBM is pleased to see the UK government making progress on its plans to develop a pro-innovation approach to AI regulation. Like similar approaches in Singapore...
14/03/2023
LONDON, UK, March 1, 2023 - IBM (NYSE: IBM) announced today that it is accepting...
01/03/2023
LONDON, UK, March 1, 2023 - The leadership pipeline for women has hollowed out i...
22/02/2023
ARMONK, N.Y. and LONDON, UK, FEBRUARY 22, 2023 IBM Security (NYSE: IBM) today ...
14/02/2023
London, 14th February 2023 Job seekers, students, and career changers around t...
09/01/2023
London, 9 January 2023 IBM today announced that Nicola Hodson has been named Chief Executive, IBM in the UK and Ireland. Dr Hodson succeeds Sreeram Visvanatha...
28/11/2022
Stevenage, UK, November 28th 2022: East and North Hertfordshire NHS Trust is tod...
LONDON, UK, Feb 21, 2024 IBM today released the 2024 X-Force Threat Intelligence Index highlighting an emerging global crisis as cybercriminals double down on exploiting user identities to compromise enterprises.
