Cybercriminals are increasingly employing stealthier tactics, as identified in the IBM X-Force 2025 Threat Intelligence Index. Compiled from insights derived from monitoring over 150 billion security events daily across more than 130 countries, the report reveals an 84% increase in the use of infostealers delivered via email in 2024 compared to the previous year. This trend indicates a significant shift in focus towards credential theft, while incidents of ransomware targeting enterprises have notably decreased.

“Cybercriminals are most often breaking in without breaking anything – capitalising on identity gaps overflowing from complex hybrid cloud environments that offer attackers multiple access points,” said IBM cybersecurity services global managing partner Mark Hughes. “Businesses need to shift away from an ad-hoc prevention mindset and focus on proactive measures such as modernising authentication management, plugging multi-factor authentication holes and conducting real-time threat hunting to uncover hidden threats before they expose sensitive data.”

In terms of impact, critical infrastructure organisations represented 70% of all incidents that IBM X-Force addressed during the previous year, with over 25% of these cases linked to the exploitation of system vulnerabilities. Data exfiltration has become a prevailing tactic among cybercriminals, with 18% favouring this approach over encryption, which was chosen by 11%. This transition appears driven by advancements in detection technologies and heightened law enforcement efforts that are prompting criminals to refine their exit strategies.

Overview of cyberattack trends across different regions globally

The report identifies Asia and North America as the regions most frequently targeted by cyberattacks, together accounting for nearly 60% of global incidents. Specifically, Asia experienced 34% of total attacks, while North America accounted for 24%. The manufacturing sector has continued to be the most affected industry for the fourth consecutive year, largely due to its low tolerance for operational downtime and high vulnerability to ransomware attacks.

Emerging threats related to AI have also been highlighted in the report. While large-scale assaults targeting AI technologies did not occur in 2024, researchers are working diligently to identify potential vulnerabilities prior to exploitation. A remote code execution vulnerability discovered within a framework used for developing AI agents is expected to become more widespread as adoption accelerates in 2025. With adversaries likely incentivised to create specialised attack toolkits targeting AI systems, securing the AI pipeline will gain increasing importance.

The ongoing challenges within critical infrastructure sectors stem from reliance on outdated technology and slow patching processes. IBM X-Force reported that vulnerabilities were exploited in over one-quarter of incidents, which reflects this persistent issue. An analysis of common vulnerabilities and exposures (CVEs) revealed that four out of the ten most discussed CVEs on dark web forums are linked to advanced threat actor groups, including state-sponsored entities, amplifying risks associated with disruption and financial extortion.

In partnership with Red Hat Insights, IBM X-Force found that more than half of Red Hat Enterprise Linux customers had not deployed patches for at least one critical CVE, while 18% had not patched five or more vulnerabilities. Additionally, prominent ransomware families such as Akira, Lockbit, Clop, and RansomHub have evolved to support both Windows and Linux environments.

The report also noted a significant surge in phishing campaigns distributing infostealers, with early data indicating an increase of 180% compared to 2023. Credential phishing tactics and infostealers simplify access for threat actors, facilitating rapid data exfiltration while leaving minimal evidence.

Despite ransomware making up 28% of malware cases in 2024, there was an overall decline in ransomware incidents compared to the previous year. This decrease coincided with a rise in identity-based attacks as cybercriminals adapted their strategies in response to ongoing countermeasures.
