Cybercriminals last year generated more opportunities to “log in” to corporate networks through valid accounts, instead of hacking into them. This tactic is the preferred weapon of choice for threat actors, according to IBM X-Force, IBM Consulting’s security services arm.

The 2024 X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries. In addition, data is gathered and analysed from multiple sources within IBM. This includes IBM X-Force Threat Intelligence, Incident Response, X-Force Red, IBM Managed Security Services, and data provided from Red Hat Insights and Intezer.

An emerging identity crisis

The report data reveals that exploiting valid accounts has become the path of least resistance for cybercriminals. Specifically, billions of compromised credentials are accessible on the Dark Web.

The report reveals 50% of cyberattacks in the UK involved the exploitation of valid accounts as the ‘initial access vector’. A further 25% of cases involved the exploitation of public-facing applications. Across Europe, X-Force observed a 66% year-on-year rise in attacks caused by the use of valid accounts. This contributes to Europe’s prevalence as the most targeted region of 2023 and the record number of attacks that X-Force has ever reported regionally.

The criminal ecosystem was also quick to adapt to the use of valid accounts by attackers. In 2023, X-Force observed a 266% increase in info-stealing malware. This is designed to steal personal and enterprise credentials, personally identifiable information, and banking and crypto wallet information.

This “easy entry” for attackers is harder to detect, eliciting a costly response from enterprises. According to X-Force, worldwide, major incidents caused by attackers using valid accounts were linked to nearly 200% more complex response measures by security teams than the average incident. It means that defenders need to distinguish between legitimate and malicious user activity on the network.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Identity increasingly being weaponised against enterprises

IBM’s 2023 Cost of a Data Breach Report found that breaches caused by stolen or compromised credentials required roughly 11 months from detection to recovery. That is the longest response lifecycle among all infection vectors.

Martin Borrett, Technical Director, IBM Security, UK, and Ireland (UKI) said: “Our findings reveal that identity is increasingly being weaponised against enterprises, exploiting valid accounts and compromising credentials. It also shows us that the biggest security concern for enterprises stems not from novel or cryptic threats, but from well-known and existing ones.

“Addressing cybersecurity challenges requires a strategic approach, emphasising the reinforcement of foundational security measures. Streamlining identity management through a unified Identity and Access Management (IAM) provider and strengthening legacy applications with modern security protocols are crucial steps in mitigating risks. Additionally, subjecting your system to rigorous stress tests by skilled offensive security teams proves invaluable in uncovering potential weaknesses. This insight is pivotal for crafting a robust incident response plan that engages all teams, from IT professionals to C-suite executives.”

IBM’s X-Force Threat Intelligence Index: stark wake-up call

Julian David, CEO of techUK, added: “In an era marked by the growing sophistication of cybercriminals who exploit legitimate accounts to breach business defences, IBM’s X-Force Threat Intelligence Index serves as a stark wake-up call.

“The report underscores a troubling pattern. Half of the cyberattacks in the UK rely on legitimate accounts for initial access. This presents significant challenges to businesses’ recovery endeavours. To effectively combat this threat, businesses must adopt a strategic approach, integrating modern security protocols to mitigate risks and strengthen their defences against the ever-evolving landscape of cyber threats.”

2024 X-Force Threat Intelligence Index: further UK findings

Malware made up 30% of security incidents observed in the UK. Ransomware (30%) and cryptominers (20%) were the top malware types encountered in the country. The impact of attacks was evenly distributed. Extortion, digital currency mining and data leaks each make up 25% of total impacts in the UK. This marks a shift from 2022, when half the cases X-Force observed in the UK involved extortion (57%). That is twice the global average, followed by data theft (29%).

The professional, business and consumer services industry was the most targeted sector in the UK, representing 39% of cases. Energy (30%) and finance & insurance (17%) were the second and third most targeted industries in UK, respectively. Manufacturing was the most targeted industry in Europe, accounting for 28% of cases.

Europe overall experienced the highest percentage of incidents within the energy sector at 43%, as well as finance and insurance at 37%.