In response to cyber attackers' increasing focus on stealing identities, companies are being urged to adopt zero trust principles and carefully verify user identities, according to DirectDefense.
Researchers at the organization have conducted a thorough analysis of thousands of alerts, aligning them with the MITRE ATT&CK framework, which serves as a comprehensive knowledge base of adversary tactics and techniques based on real-world observations.
Among the top five attack tactics identified, initial access emerged as the most prevalent adversarial tactic, accounting for over 27% of escalated alerts. Threat actors in 2024 consistently exploited valid accounts to gain unauthorized access to systems, often by utilizing stolen credentials.
In addition, adversaries are increasingly prioritizing persistence within compromised networks to maintain access despite detection efforts, with persistence tactics observed in 17% of escalated cases. Lateral movement, in which an adversary moves between systems inside a compromised network to escalate privileges and reach sensitive data, accounted for 10% of escalated alerts. Adversaries also relied on execution tactics, such as running malicious code within an environment to expand access or impact business operations, with malicious file execution being a commonly observed technique.
Moreover, credential access tactics, including stealing or cracking authentication credentials to escalate privileges or facilitate further attacks, were observed in 6% of escalated cases, with brute force attacks being a prominent technique.
Ransomware timelines have shrunk to mere hours, with threat actors deploying ransomware in as few as six hours in some incidents. This speed from initial access to full control of a domain environment poses a significant challenge for organizations, which struggle to respond effectively within such short timeframes.
Notably, attackers have expanded their targets to include industries previously considered off-limits, such as healthcare, utilities, and critical infrastructure. The increased use of AI by threat actors has further complicated the cybersecurity landscape, with AI now being used to bypass traditional detection methods and enhance social engineering tactics.
In light of these evolving threats, companies must reassess their cybersecurity strategies and remain vigilant in adapting to the changing tactics employed by malicious actors. By staying ahead of the curve and anticipating potential threats, organizations can better protect their systems and data from cyber attacks.