IBM’s latest X-Force Threat Intelligence report highlights a critical shift in the global cyber threat environment, warning that one in three cyberattacks now leverage advanced techniques, especially the theft of valid login credentials, to infiltrate organizations.
According to the 2024 research, 33% of all observed intrusions exploited either existing credentials or vulnerabilities in public-facing applications, underscoring a paradigm where cybercriminals opt to “log in, not break in.”
The report reveals that manufacturing remains the most targeted industry for the fourth consecutive year, accounting for a disproportionate share of extortion (29%) and data theft (24%) incidents.
Attackers continue to exploit outdated legacy systems, with manufacturing organizations facing the highest frequency of ransomware attacks observed in 2024.
These attacks not only disrupt operations but frequently result in the theft of sensitive intellectual property and financial data, fueling further cybercriminal activity.
Attackers Shift to Identity-Based Intrusions
Regionally, the Asia-Pacific (APAC) area is experiencing a 13% increase in attacks, now representing 34% of global incidents.
The region’s prominence in global supply chains and its role as a technology and manufacturing hub make it particularly attractive to threat actors.
This trend highlights a significant rise in the threat landscape for organizations operating within APAC, where exposure to credential theft and subsequent identity-based attacks is intensifying.
A defining trend in attack methodology is the surge in infostealer malware and credential phishing campaigns.
IBM X-Force data shows an 84% year-over-year increase in infostealers delivered via phishing emails.
These attacks result in the exfiltration of valid credentials, which are then rapidly monetized or used in follow-on identity-based campaigns.
Infostealers such as AgentTesla, FormBook, SnakeKeylogger, and PureLogs Stealer have dominated corporate breach pathways, while the dark web marketplace for stolen credentials continues to grow, driven by cybercrime-as-a-service business models.
While endpoint detection and response (EDR) technology has reduced the efficacy of legacy malware campaigns, adversaries now exploit the “shadow vector” of credential phishing.
This involves redirecting users to convincing fake login portals or embedding malicious URLs and obfuscated PDFs in emails.
Attackers increasingly exploit cloud hosting providers for campaign infrastructure, complicating detection and response due to the legitimate appearance of these services.
The proliferation of cloud-hosted malware and phishing further challenges defenders, especially as mass phishing operations in Latin America target banking and enterprise sectors.
AI and Infostealers Drive Evolution
According to the report, IBM’s analysis also points to a rise in the use of generative AI by threat actors, who employ AI-powered tools to generate phishing emails, craft malicious web content, and automate credential harvesting at scale.
While only 24% of generative AI projects are reported as being secured, the rapid adoption of AI technologies is creating novel attack surfaces, including vulnerabilities in machine learning frameworks and MLOps pipelines.
The study underlines that valid login credentials remain the most valuable cyber loot, facilitating lateral movement and privilege escalation within target environments.
In 2024, credential theft was the single most prevalent cyberattack impact, observed in 28% of cases, often compounded by subsequent data theft and extortion.
Ransomware, though experiencing a reduced share of incidents, continues to evolve with multi-extortion tactics and cross-platform payloads targeting both Windows and Linux environments.
With nearly a quarter of all known vulnerabilities now associated with weaponized exploits, many of which are actively traded on the dark web, the report underscores the escalating risk to enterprises still struggling with timely patch management and identity sprawl.
IBM X-Force urges organizations to prioritize proactive defenses in light of these trends. Key recommendations include comprehensive employee education on phishing and credential hygiene, robust multi-factor authentication deployment, cloud-aware threat detection, and a unified identity management strategy.
As the cyber threat landscape grows more complex with AI and identity-based attacks, layered security and rapid incident response planning are essential for mitigating operational, reputational, and financial risks.