Know the threat to beat the threat

Cyberattacks are more prevalent, creative and faster than ever. So understanding attackers’ tactics is crucial. The IBM Security® X-Force® Threat Intelligence Index 2023 offers CISOs, security teams and business leaders actionable insights to help you understand how threat actors are waging attacks, and how to proactively protect your organization.

Attack types

Unlocked: Backdoors fuel ransomware

Backdoor deployments, which enable remote access to systems, were the most common type of attacker action that X-Force incident responders handled. The silver lining: 67% of backdoor cases were failed ransomware attacks as defenders were able to disrupt the backdoor before ransomware was deployed.


Of incidents saw backdoors deployed


Of attacks in 2022 were ransomware


Of attacks were business email compromise


Understand an attacker’s view of known and unknown risks

Taking an attacker’s view of both known and unknown risks can help organizations adopt preventive measures before incidents happen.


Victims felt the pressure in 27% of attacks

Whether ransomware, business email compromise (BEC) or distributed denial of service (DDoS), 27% of attacks were extortion related. When attackers see a weakness, they exploit it. Recognizing the industry's low tolerance for downtime, cybercriminals focused more extortion attempts on manufacturing than any other industry.

of extortion targeted manufacturing
of extortion targeted Europe

Prepare and respond faster

Get recommendations to help you stay ahead of threats.

Infection vectors

Phishing: Top way attackers gained access

For the second year in a row, phishing was the leading infection vector, identified in 41% of incidents. More than half of phishing attacks used spear phishing attachments. X-Force also observed a 100% increase in thread hijacking attempts per month—where an attacker impersonates someone and uses existing email conversations for nefarious purposes.


Of attacks used phishing


Of attacks exploited public-facing apps


Of attacks abused valid accounts


Only 26% of new vulnerabilities had known exploits

The proportion of vulnerabilities with a known exploit declined 10 percentage points over the last few years. However, cybercriminals already have access to more than 78,000 known exploits. This access made it easier to exploit older, unpatched vulnerabilities, highlighting the need for a well-defined vulnerability management strategy, including better understanding your attack surface and risk-based prioritization of patches.

New vulnerabilities with exploits
Of known exploits were new in 2022


You need to analyze multiple factors

Identify, prioritize and remediate the vulnerabilities that matter most.


Fast ransomware attacks demand faster responses

While there was a slight decline in ransomware attacks, an X-Force study found that the time to execute attacks dropped 94% over the last few years. What took months now takes attackers mere days. With attackers moving faster, organizations must take a proactive, threat-driven approach to cybersecurity.

60+ days

2019 ransomware deployment time

9.5 days

2020 ransomware deployment time

3.85 days

2021 ransomware deployment time

Next steps