IBM Security X-Force Threat Intelligence Index 2023

Know the threat to beat the threat

Cyberattacks are more prevalent, creative and faster than ever. So understanding attackers’ tactics is crucial. The IBM Security® X-Force® Threat Intelligence Index 2023 offers CISOs, security teams and business leaders actionable insights to help you understand how threat actors are waging attacks, and how to proactively protect your organization.

Prepare and respond faster

Get recommendations to help you stay ahead of threats.

Unlocked: Backdoors fuel ransomware

Backdoor deployments, which enable remote access to systems, were the most common type of attacker action that X-Force incident responders handled. The silver lining: 67% of backdoor cases were failed ransomware attacks as defenders were able to disrupt the backdoor before ransomware was deployed.

21% of incidents saw backdoors deployed



17% of attacks in 2022 were ransomware


6% of attacks were due to business email compromise

Expert insight: Keying in on backdoors

Watch Andy Piazza, Global Head of Threat Intelligence at IBM Security X-Force, discuss the top 3 actions we saw threat actors take.

Tip: Understand an attacker’s view of known and unknown risks

Taking an attacker’s view of both known and unknown risks can help organizations adopt preventive measures before incidents happen.



Victims felt the pressure in 27% of attacks

Whether ransomware, business email compromise (BEC) or distributed denial of service (DDoS), 27% of attacks were extortion related. When attackers see a weakness, they exploit it. Recognizing the industry's low tolerance for downtime, cybercriminals focused more extortion attempts on manufacturing than any other industry.

30% of extortion targeted manufacturing



44% of extortion targeted Europe


Phishing: Top way attackers gained access

For the second year in a row, phishing was the leading infection vector, identified in 41% of incidents. More than half of phishing attacks used spear phishing attachments. X-Force also observed a 100% increase per month in thread hijacking attempts—where an attacker impersonates someone and uses existing email conversations for nefarious purposes.

41% of attacks used phishing



26% of attacks exploited public-facing apps



16% of attacks abused valid accounts

Expert insight: Phishing facts

Stephanie “Snow” Carruthers, Chief People Hacker at IBM Security X-Force Red, explains why phishing was the leading infection vector.

Only 26% of new vulnerabilities had known exploits

The proportion of vulnerabilities with a known exploit declined 10 percentage points over the last few years. However, cybercriminals already have access to more than 78,000 known exploits. This access made it easier to exploit older, unpatched vulnerabilities, highlighting the need for a well-defined vulnerability management strategy, including better understanding your attack surface and risk-based prioritization of patches.

26% of new vulnerabilities had known exploits



8% of known exploits were new in 2022


Tip: You need to analyze multiple factors

Identify, prioritize and remediate the vulnerabilities that matter most.


Fast ransomware attacks demand faster responses

While there was a slight decline in ransomware attacks, an X-Force study found that the time to execute attacks dropped 94% over the last few years. What took months now takes attackers mere days. With attackers moving faster, organizations must take a proactive, threat-driven approach to cybersecurity.

Ransomware deployment time in 2019 was over 60 days



Ransomware deployment time in 2020 was 9.5 days on average



Ransomware deployment time in 2021 was 3.85 days on average


Expert insight: Ransomware realities

John Dwyer, Head of Research, IBM Security X-Force, talks about the need for speed when it comes to ransomware attacks.

Next steps

Download the report for additional insights, put them into practice with the Threat Intelligence Action Guide, or schedule time to speak with an X-Force expert.

Read the full report

Download the report for additional insights and recommendations.

Action guide

Put insights and recommendations into practice with the Threat Intelligence Action Guide.
