Cybercriminals have adjusted their tactics in 2024 and are increasingly focusing on the targeted theft of login details. While ransomware attacks decreased, emails with info stealers increased by 84 percent. In almost half of all cyber attacks, data or login information was stolen.
This is evident from the new IBM X-Force Threat Intelligence Index 2025. The shift to more subtle attack techniques is remarkable. Organizations with critical infrastructure were the target of 70 percent of all attacks to which IBM X-Force responded last year. In more than a quarter of these cases, the attackers exploited known vulnerabilities.
It is striking that more cybercriminals chose to steal data (18 percent) than to encrypt it (11 percent). Better detection technologies and stricter law enforcement enable attackers to work faster and more covertly. In almost one in three incidents in 2024, login details were obtained. Attackers invest in various methods to quickly gain access to accounts and monetize them immediately.
Outdated technology
Slow patch cycles and outdated technology continue to be a persistent problem for organizations in critical infrastructure. IBM X-Force discovered that four of the ten most discussed vulnerabilities on dark web forums were related to advanced malicious parties, including state-backed groups.
Exploit codes for these vulnerabilities were openly traded on forums, fueling a growing market for attacks on energy grids, healthcare networks and industrial systems. The exchange of information between cybercriminals underscores the importance of dark web monitoring for early threat detection.
Automated attacks are on the increase
In 2024, IBM X-Force saw increased phishing emails distributed by infostealers. The figures for early 2025 show an even stronger increase: 180 percent compared to 2023. This trend, which leads to the takeover of user accounts, is probably due to cybercriminals using AI for large-scale automation.
Phishing and infostealers make identity attacks cheap, scalable and profitable. In 2024, the five most important infostealers had more than eight million advertisements on the dark web, with each entry potentially containing hundreds of login credentials. Attackers also sell phishing kits and services to circumvent multi-factor authentication, indicating a growing demand for unauthorized access.
Tip: OneSpan Secure Agreement Automation helps combat identity fraud