Skip to main content

CYBERSTATS

Security Intelligence

Back to Home

The top initial access vector observed in 2024 was a tie between exploitation of public facing applications and use of valid account credentials, both representing 30% of X-Force incidence response engagements.

IBM
April 17, 2025
Initial accessPublic facing applicationValid account credentials

The top initial access vector observed in 2024 was a tie between exploitation of public facing applications and use of valid account credentials, both representing 30% of X-Force incidence response engagements. — This cybersecurity statistic was published by IBM in April 2025. It covers topics including Initial access, Public facing application, Valid account credentials. The original data appears in IBM X-Force 2025 Threat Intelligence Index. For the full methodology and detailed findings, refer to the original report.

Source

View Original Report

Published on 4/17/2025

Share or Copy this stat

Frequently Asked Questions

What does this statistic say?

The top initial access vector observed in 2024 was a tie between exploitation of public facing applications and use of valid account credentials, both representing 30% of X-Force incidence response engagements. This data was published by IBM and covers Initial access, Public facing application, Valid account credentials.

Where does this data come from?

This statistic comes from IBM X-Force 2025 Threat Intelligence Index, published by IBM on April 17, 2025. You can view the original report at https://www.ibm.com/account/reg/us-en/signup?formid=urx-53633.

What cybersecurity topics does this cover?

This statistic relates to Initial access, Public facing application, Valid account credentials. Browse more statistics on Initial access or from IBM .

Want More Statistics Like This?

Get the latest cybersecurity stats delivered to your inbox every week

Related Statistics

Comcast Business detected 4.7 billion phishing attempts, which specifically targeted human error and poor credential hygiene.

Comcast Business10/1/2025
Cyber threatPhishingInitial access

SCATTERED SPIDER moved from initial access to encryption by deploying ransomware in under 24 hours in one observed case

CrowdStrike8/4/2025
RansomwareInitial accessEncryption

DirectDefense mapped alerts to the MITRE ATT&CK® framework to identify the top five tactics. The top five tactics identified are: Initial Access, Persistence, Lateral Movement, Execution, and Credential Access.

DirectDefense4/15/2025
MITRE ATT&CKInitial accessPersistence

For Initial Access, the most observed technique by DirectDefense is Valid Accounts, which involves leveraging stolen credentials for unauthorized access. Alerts triggered for Initial Access include: First Ingress Authentication from Country, Multiple Country Ingress Authentications, Multiple Wireless Country Authentications.

DirectDefense4/15/2025
MITRE ATT&CKInitial accessValid accounts

The average time from initial access to domain control has shrunk to under two hours.

DirectDefense4/15/2025
Initial accessDomain control

Email was the preferred entry vector for cybercriminals, driving 43% of claims.

At-Bay4/10/2025
EmailCyber attackAttack vector

Browse by Topic

Initial accessPublic facing applicationValid account credentialsMore from IBM

Stay Ahead of Cyber Threats

Join 1,000+ security professionals getting weekly insights