IBM (NYSE: IBM) has released its 2025 X-Force Threat Intelligence Index, revealing a global rise in identity-based cyberattacks. The report highlights a sharp shift in attacker behavior, with a decline in ransomware and a rise in stealth tactics like credential theft.

In 2024, IBM observed an 84% increase in phishing emails delivering infostealers. These attacks are designed to steal credentials quickly and quietly. As a result, identity-based attacks became cheaper, scalable, and harder to detect.

The Middle East saw a notable spike. It became the fourth most-targeted region globally, accounting for 10% of all attacks—up from 7% in 2023. Saudi Arabia and the UAE were the most affected countries.

“As the Middle East continues to advance its digital transformation agendas, cybercriminals are adapting just as quickly- shifting to low-profile, identity-based attacks that are harder to detect,” said Saad Toma, General Manager of IBM Middle East and Africa. “With sectors like finance, energy, and government increasingly targeted, organizations in the region must invest in intelligence-led security strategies that prioritize identity protection, continuous monitoring, and rapid incident response.”

The finance and insurance sector was hit the hardest. It made up 61% of all incidents in the region. Other affected sectors included energy, business services, transportation, and media.

Cybercriminals are also changing how they operate. More attackers are choosing to steal data (18%) rather than encrypt it (11%). This shift reflects growing pressure from stronger cybersecurity tools and law enforcement action.

Legacy systems and patching delays remain a major risk. In the Middle East, 33% of attacks on critical infrastructure started with public-facing application exploits.

IBM found that several high-risk vulnerabilities discussed on dark web forums were linked to advanced threat groups, including nation-state actors.

AI is also playing a role. Attackers are now using AI to scale phishing efforts, contributing to a 180% rise in infostealer use at the start of 2025. Infostealers are widely sold on the dark web, often packaged with thousands of stolen credentials.

Ransomware activity declined, but it still accounted for 28% of malware cases. Some well-known cybercrime groups have shut down or shifted to new tactics. This includes moving to smaller, low-risk operations.

According to IBM, identity-based cyberattacks will remain a major threat in 2025. Organizations are urged to invest in identity protection, threat monitoring, and faster incident response.

Related post

View all