INTELLIGENT BRANDS // Enterprise Security
Critical infrastructure enterprises accounted for 70 % attacks that IBM X-Force responded to
IBM released the 2025 X-Force Threat Intelligence Index highlighting that cybercriminals continued to pivot to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks on enterprises declined. IBM X-Force observed an 84 % increase in emails delivering infostealers in 2024 compared to the prior year, a method threat actors relied heavily on to scale identity attacks.
The 2025 report tracks new and existing trends and attack patterns – pulling from incident response engagements, dark web and other threat intelligence sources.
Some key findings in the 2025 report include:
• Critical infrastructure organisations accounted for 70 % of all attacks that IBM X-Force responded to last year, with more than one quarter of these attacks caused by vulnerability exploitation.
• More cybercriminals opted to steal data, 18 % than encrypt it, 11 % as advanced detection technologies and increased law enforcement efforts pressure cybercriminals to adopt faster exit paths.
• The Middle East was the fourth mosttargeted region globally in 2024, accounting for 10 % of attacks, up from 7 % in 2023. Saudi Arabia and the UAE were the most impacted.
• The finance and insurance sector remained the most targeted industry, representing 61 % of incidents, reflecting the Middle East region’ s growing financial landscape and associated risks. Other targeted industries included energy, 17 %, professional, business, and consumer services, 11 %, transportation, 6 %, and media, 6 %.
“ As the Middle East continues to advance its digital transformation agendas, cybercriminals
Saad Toma, General Manager, IBM Middle East and Africa
are adapting just as quickly- shifting to lowprofile, identity-based attacks that are harder to detect,” said Saad Toma, General Manager of IBM Middle East and Africa.
“ With sectors like finance, energy, and government increasingly targeted, organisations in the region must invest in intelligence-led security strategies that prioritise identity protection, continuous monitoring, and rapid incident response.”
Reliance on legacy technology and slow patching cycles prove to be an enduring challenge for critical infrastructure organisations globally and in the Middle East, where exploitation of public-facing applications represented 33 % of initial access methods.
In reviewing the common vulnerabilities and exposures, CVEs most mentioned on dark web forums, IBM X-Force found that four out of the top ten have been linked to sophisticated threat actor groups, including nation-state adversaries, escalating the risk of disruption, espionage and financial extortion.
In 2024, IBM X-Force observed an uptick in phishing emails delivering infostealers and early data for 2025 reveals an even greater increase of 180 % compared to 2023. This upward trend fuelling follow-on account takeovers may be attributed to attackers leveraging AI to create phishing emails at scale.
Credential phishing and infostealers have made identity attacks cheap, scalable and highly profitable for threat actors.
In the Middle East, malware-infostealers and recon, scanning tools each accounted for 50 % of observed attacks, reinforcing a regional focus on stealth and information gathering. Infostealers enable the quick exfiltration of data, reducing their time on target and leaving little forensic residue behind.
In 2024, the top five infostealers alone had more than eight million advertisements on the dark web and each listing can contain hundreds of credentials. p
www. intelligentcio. com INTELLIGENTCIO MIDDLE EAST 67