FlagThis

A new report from Cisco Talos reveals that identity-based attacks were the dominant form of cyber incident in 2024, accounting for 60% of all incidents. Cybercriminals are increasingly relying on compromised user accounts and credentials rather than sophisticated malware or zero-day exploits. This shift highlights a significant weakness in enterprise security, with attackers finding it easier and safer to log in using stolen credentials than to deploy more complex attack methods. These attacks targeted Active Directory in 44% of cases and leveraged cloud application programming interfaces in 20% of attacks.

This trend is further exacerbated by weaknesses in multi-factor authentication (MFA). Common MFA failures observed included the absence of MFA on virtual private networks, MFA exhaustion/push fatigue, and improper enrollment monitoring. The primary motivations behind these identity-based attacks were ransomware (50%), credential harvesting and resale (32%), espionage (10%), and financial fraud (8%). These incidents underscore the critical need for organizations to bolster their identity and access management strategies, including stronger password policies, robust MFA implementations, and enhanced monitoring of Active Directory environments.

ImgSrc: cyberscoop.com

References :

• Threats | CyberScoop: Identity lapses ensnared organizations at scale in 2024
• SiliconANGLE: Cisco Talos report finds identity-based attacks drove majority of cyber incidents in 2024
• www.scworld.com: Sixty percent of cybersecurity incidents around the world last year were identity-based intrusions, with identity targeting being prominent across all attack stages, SiliconAngle reports.

Classification:

• HashTags: #Cybersecurity #IdentityTheft #ZeroTrust
• Company: Cisco
• Target: Enterprises
• Attacker: Cisco Talos
• Product: Security
• Feature: Identity-based intrusions
• Type: News
• Severity: Major