The 2024 X-Force Threat Intelligence Index by IBM highlights a global crisis where cybercriminals are increasingly exploiting user identities to compromise enterprises [7].


The report reveals a 71% increase in cyber-attacks exploiting identity [6], with phishing as a common initial access vector [6]. Infostealing malware saw a 266% rise in 2023 and is now being utilized by ransomware groups. Major incidents resulting from attackers using legitimate accounts required security teams to implement complex response measures [8]. Enterprises are advised to implement unified Identity and Access Management solutions to bolster security measures [6], along with patching, multi-factor authentication [1] [5] [7], or least-privilege principles for critical infrastructure. The report emphasizes the importance of reinforcing foundational security measures and stress-testing environments to uncover weaknesses.

The manufacturing sector continues to be the most targeted industry, with data breaches being the primary impact of cyber-attacks. Europe remains the most targeted region [6], with a 66% increase in attacks using valid accounts [2]. While AI threats are not yet significant [6], attacks on generative AI technologies may increase as market share grows [1]. Phishing attacks saw a 44% decrease in volume from 2022 [1] [3], but remain a prevalent threat, especially in the UK where 50% of cyberattacks involve the exploitation of valid accounts [2]. Breaches caused by stolen credentials take approximately 11 months to recover from [2], underscoring the challenges enterprises face in detecting and responding to such attacks.

Ransomware attacks on enterprises saw a drop [1] [5], with groups pivoting to infostealers [3] [5] [7]. ROI from attacks on generative AI is not yet realized [5]. Cybercriminals are focusing on “logging in” through valid accounts rather than hacking into networks [7], making this tactic a preferred weapon [7]. Attacks on critical infrastructure organizations are on the rise [7] [8], with nearly 70% of attacks targeting these high-value targets [7].

Security misconfigurations and vulnerabilities remain prevalent [7], with a high percentage of customers having unaddressed CVEs in their environments [7]. Adversaries are increasingly using “kerberoasting” attacks to escalate privileges by abusing Microsoft Active Directory tickets [7]. Enterprises need to secure their AI models and adopt a holistic approach to security in the age of generative AI [7]. Cybercriminals are leveraging generative AI to optimize their attacks [7], with a significant increase in infostealing malware observed [4] [7]. Despite a decrease in phishing attacks [8], AI has the potential to enhance these attacks [8], accelerating them by almost two days [8].


Enterprises must be vigilant in implementing security measures to protect against cyber-attacks exploiting user identities. Strengthening foundational security measures [2], stress-testing environments [2], and securing AI models are crucial steps to mitigate risks. The rise in attacks on critical infrastructure organizations and the increasing use of generative AI by cybercriminals highlight the need for proactive security measures to safeguard against evolving threats.