IBM reveals surge in cyberattacks leveraging compromised accounts

Ryan Daws is a senior editor at TechForge Media, with a seasoned background spanning over a decade in tech journalism. His expertise lies in identifying the latest technological trends, dissecting complex topics, and weaving compelling narratives around the most cutting-edge developments. His articles and interviews with leading industry figures have gained him recognition as a key influencer by organisations such as Onalytica. Publications under his stewardship have since gained recognition from leading analyst houses like Forrester for their performance. Find him on X (@gadget_ry) or Mastodon (@gadgetry@techhub.social)


Cybercriminals are increasingly exploiting valid user accounts to gain access to corporate networks, making this tactic a weapon of choice for threat actors.

The findings come from IBM’s 2024 X-Force Threat Intelligence Index released today. The report, based on insights from monitoring over 150 billion security events per day across more than 130 countries, reveals that cybercriminals are generating more opportunities to “log in” to enterprise systems through compromised credentials rather than hacking their way in directly.

“Our findings reveal that identity is increasingly being weaponised against enterprises, exploiting valid accounts and compromising credentials,” said Martin Borrett, Technical Director at IBM Security UK and Ireland. “It also shows us that the biggest security concern for enterprises stems not from novel or cryptic threats, but from well-known and existing ones.”

The data shows a staggering 50% of cyberattacks in the UK involved the exploitation of valid accounts as the initial attack vector, with a further 25% of cases exploiting public-facing applications. Across Europe, IBM observed a 66% year-over-year rise in attacks caused by the use of valid accounts, contributing to the region being the most targeted globally in 2023.

The criminal ecosystem has adapted quickly, with IBM detecting a 266% increase in infostealing malware designed to harvest personal and enterprise credentials, identities, banking details and cryptocurrency wallets.

This “easy entry” approach is harder to detect and elicits a costly response from enterprises. According to IBM, major incidents caused by attackers using valid accounts required nearly 200% more complex response measures by security teams compared to the average incident, as defenders struggle to distinguish legitimate from malicious activity.

“Addressing cybersecurity challenges requires a strategic approach, emphasising the reinforcement of foundational security measures,” Borrett advised. “Streamlining identity management through a unified Identity and Access Management provider and strengthening legacy applications with modern security protocols are crucial steps in mitigating risks.”

Julian David, CEO of techUK, echoed these concerns, calling the report “a stark wake-up call” that highlights the sophisticated exploitation of legitimate accounts to breach business defences.

“The report underscores a troubling pattern where half of the cyberattacks in the UK rely on legitimate accounts for initial access, presenting significant challenges to businesses’ recovery endeavours,” explained David.

“To effectively combat this threat, businesses must adopt a strategic approach, integrating modern security protocols to mitigate risks and strengthen their defences against the ever-evolving landscape of cyber threats.”

Other key UK findings from the report include malware accounting for 30% of security incidents, with ransomware (30%) and cryptominers (20%) being the top malware types. The professional, business and consumer services industry was the most targeted at 39% of cases, followed by energy (30%) and finance & insurance (17%).

Globally, a disturbing 69.6% of attacks IBM responded to targeted critical infrastructure organisations, signalling cybercriminals are betting on the high-value need for uptime. In 84% of these attacks, the compromise could have been mitigated through patching, multi-factor authentication or least-privilege principles—indicating that achieving “basic security” may be harder than portrayed.

IBM recommends enterprises reduce the potential blast radius of incidents, stress-test environments with skilled offensive teams, develop robust incident response plans, and prioritise securing the underlying infrastructure when adopting AI technologies.

As cybercriminals continue to weaponise identities, enterprises must take a proactive, strategic approach to fortify their defences against this escalating global crisis.
