Identity-based Attacks Account for 60% of Leading Cyber Threats, Report Finds

The report notes that many successful breaches involved years-old common vulnerabilities and exposures (CVEs).


  • [Image source: Krishna Prasad/MITSMR Middle East]

    In 2024, threat actors focused on stealth and simplicity, often using legitimate credentials instead of advanced malware or zero-day exploits. Identity-based attacks became the top threat vector, while ransomware groups increasingly exploited valid accounts to breach systems.

    Cisco Talos’ 2024 Year in Review report offered insights into the evolving cybersecurity landscape. Based on data from over 46 million devices across 193 countries and regions, including the Middle East, the report highlights major trends such as identity-based threats, ransomware, network vulnerabilities, and the role of AI in cyberattacks.

    Commenting on the findings, Fady Younes, Managing Director for Cybersecurity at Cisco across the Middle East, Africa, Türkiye, Romania, and CIS, said: “The findings from Cisco Talos’ 2024 Year in Review highlight the critical need for a solid cybersecurity foundation. Cybercriminals are continually taking advantage of security gaps, demonstrating the essential nature of a proactive, identity-focused defense strategy.”

    The New Face of Cyber Threats

    According to the report, identity-based attacks accounted for 60% of all Incident Response (IR) cases. In particular, Active Directory—the backbone of many organizations’ authentication processes—was targeted in 44% of these incidents. Cloud applications and APIs also proved attractive, with 20% of identity compromises linked to them.

    Ransomware remained a persistent menace, though the tactics evolved. Attackers increasingly relied on valid credentials to gain initial access—in nearly 70% of ransomware cases. Once inside, threat actors disabled security tools before launching attacks, exploiting gaps in organizations’ defensive layers.

    The education sector emerged as the top target for ransomware campaigns, often due to budget limitations and sprawling attack surfaces. Meanwhile, LockBit continued its reign as the most active ransomware-as-a-service (RaaS) operator, despite intensified global law enforcement actions.

    Another concerning trend: attackers are exploiting old vulnerabilities at an alarming rate. Cisco Talos notes that many successful breaches involved years-old common vulnerabilities and exposures (CVEs), particularly those affecting end-of-life devices that no longer receive patches—a reminder that outdated infrastructure remains a high-risk liability.

    MFA Isn’t a Silver Bullet

    Multi-Factor Authentication (MFA), once considered a gold standard for account security, also faced new challenges.

    Based on Cisco Duo data, identity and access management (IAM) applications were the most frequently targeted in MFA abuse cases, representing nearly a quarter of related incidents.

    AI in Cybercrime

    While 2024 saw explosive interest in the role of artificial intelligence in cybersecurity, the report finds that attackers are not yet deploying novel AI-driven exploits. Instead, AI is primarily being used to refine existing techniques—especially enhancing social engineering campaigns and automating tasks that streamline attacks.

    The reality is less science fiction and more practical optimization: threat actors are becoming more efficient, not necessarily more groundbreaking.

    Building a Resilient Defense

    In response to these trends, Cisco Talos offers five strategic recommendations for organizations looking to strengthen their cybersecurity posture:

    • Install updates and patches promptly to mitigate known vulnerabilities.
    • Enforce strong authentication methods, including careful MFA deployment.
    • Implement best practices like strict access controls, network segmentation, and regular employee security training.
    • Encrypt all network traffic to safeguard communications.
    • Apply security measures consistently across all layers of the IT infrastructure.
