2025 Ibm X-force Threat Index: Large-scale Credential Theft Escalates, Threat Actors Pivot To Stealthier Tactics

IBM NYSE: IBM today released the 2025 X-Force Threat Intelligence Index highlighting that cybercriminals continued to pivot to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks on enterprises declined. IBM X-Force observed an 84 increase in emails delivering infostealers in 2024 compared to the prior year, a method threat actors relied heavily on to scale identity attacks.

The 2025 report tracks new and existing trends and attack patterns - pulling from incident response engagements, dark web and other threat intelligence sources.

Some key findings in the 2025 report include:

Critical infrastructure organizations accounted for 70 of all attacks that IBM X-Force responded to last year, with more than one quarter of these attacks caused by vulnerability exploitation.

More cybercriminals opted to steal data 18 than encrypt it 11 as advanced detection technologies and increased law enforcement efforts pressure cybercriminals to adopt faster exit paths.

Nearly one in three incidents observed in 2024 resulted in credential theft, as attackers invest in multiple pathways to quickly access, exfiltrate and monetize login information.

Cybercriminals are most often breaking in without breaking anything - capitalizing on identity gaps overflowing from complex hybrid cloud environments that offer attackers multiple access points, said Mark Hughes , Global Managing Partner of Cybersecurity Services at IBM. Businesses need to shift away from an ad-hoc prevention mindset and focus on proactive measures such as modernizing authentication management, plugging multi-factor authentication holes and conducting real-time threat hunting to uncover hidden threats before they expose sensitive data.

Patching Challenges Expose Critical Infrastructure Sectors to Sophisticated Threats Reliance on legacy technology and slow patching cycles prove to be an enduring challenge for critical infrastructure organizations as cybercriminals exploited vulnerabilities in more than one-quarter of incidents that IBM X-Force responded to in this sector last year.