IBM Reports Spike in Cyberattacks Using Compromised Accounts

Cybercriminals are increasingly exploiting legitimate user accounts to gain access to corporate networks, making account takeover a preferred tactic for threat actors.

These findings come from IBM’s 2024 X-Force Threat Intelligence Index. The report, based on monitoring more than 150 billion security events per day across over 130 countries, shows attackers are favoring compromised credentials and valid logins over more overt hacking techniques to enter enterprise environments.

“Our findings reveal that identity is increasingly being weaponised against enterprises, exploiting valid accounts and compromising credentials,” said Martin Borrett, Technical Director at IBM Security UK and Ireland. “It also shows us that the biggest security concern for enterprises stems not from novel or cryptic threats, but from well-known and existing ones.”

The data reveal that 50% of cyberattacks in the UK used valid accounts as the initial attack vector, while another 25% exploited public-facing applications. Across Europe, IBM recorded a 66% year-over-year rise in attacks driven by the use of valid accounts, making the region the most targeted globally in 2023.

The criminal ecosystem has adapted rapidly: IBM detected a 266% increase in infostealing malware designed to harvest personal and enterprise credentials, identities, banking details and cryptocurrency wallet information.

This “easy entry” method is often harder to detect and prompts more complex, costly responses from security teams. IBM reports that major incidents originating from compromised valid accounts required nearly 200% more complex response measures than the average incident, as defenders face difficulty distinguishing legitimate activity from malicious use.

“Addressing cybersecurity challenges requires a strategic approach, emphasising the reinforcement of foundational security measures,” Borrett advised. “Streamlining identity management through a unified Identity and Access Management provider and strengthening legacy applications with modern security protocols are crucial steps in mitigating risks.”

Julian David, CEO of techUK, described the report as “a stark wake-up call,” noting the sophisticated exploitation of legitimate accounts to breach corporate defenses. “The report underscores a troubling pattern where half of the cyberattacks in the UK rely on legitimate accounts for initial access, presenting significant challenges to businesses’ recovery endeavours,” he said.

David urged organisations to adopt a strategic approach that integrates modern security protocols to reduce risk and improve resilience against evolving threats.

Other notable UK findings include malware accounting for 30% of security incidents, with ransomware representing 30% of malware cases and cryptominers 20%. The professional, business and consumer services sector was the most targeted at 39% of incidents, followed by energy at 30% and finance & insurance at 17%.

Globally, 69.6% of attacks IBM responded to targeted critical infrastructure organisations, reflecting attackers’ focus on high-value targets where uptime is essential. In 84% of these incidents, simple mitigations—such as patching, multi-factor authentication and enforcing least-privilege access—could have reduced or prevented the compromise, highlighting that basic security controls are still frequently overlooked.

IBM recommends organisations limit the blast radius of breaches, regularly stress-test environments with skilled offensive teams, develop and rehearse robust incident response plans, and prioritise securing underlying infrastructure when deploying AI and other emerging technologies.

As threat actors continue to weaponise identities, enterprises must adopt proactive, strategic measures to strengthen defenses and reduce exposure to this escalating global risk.
