
Cisco Talos Report: The education sector the most targeted industry for cyberattacks in 2024

The annual report from Cisco Talos has shown that the education sector was the most targeted industry for cyberattacks in the last 12 months.

Fady Younes, Managing Director for Cybersecurity at Cisco Middle East, Africa, Türkiye, Romania and CIS.

Unsurprisingly, identity-based attacks emerged as the most dominant threat, accounting for 60% of Cisco Talos incident response cases in 2024.

The report, based on telemetry from over 46 million global devices across 193 countries and regions, including the Middle East, analyses the most significant trends in threat actor behavior, including identity attacks, ransomware, network vulnerabilities, and the role of artificial intelligence (AI) in cyber threats.

The findings reveal that in 2024, threat actors prioritized stealth and efficiency, leveraging simpler techniques rather than custom malware or zero-day vulnerabilities. Notably, identity-based attacks emerged as the dominant threat vector, while ransomware incidents increasingly exploited valid credentials to gain access.

Commenting on the report’s findings, Fady Younes, Managing Director for Cybersecurity at Cisco Middle East, Africa, Türkiye, Romania and CIS, stated: “The findings from Cisco Talos’ 2024 Year in Review highlight the critical need for a solid cybersecurity foundation. Cybercriminals are continually taking advantage of security gaps, demonstrating the essential nature of a proactive, identity-focused defense strategy. And with the emergence of remote and hybrid working models, implementing a Zero-Trust Network Access (ZTNA) strategy is key to ensure that the correct security controls are in place while enhancing end-user experience. By staying aware of these evolving tactics, organizations can reinforce their security measures and more effectively shield themselves from new and emerging threats.”

To strengthen cybersecurity and protect against emerging threats, Cisco Talos shares five key recommendations: promptly install updates and patches; enforce strong authentication methods; implement best practices such as strict access controls, network segmentation, and employee training; encrypt all traffic for secure monitoring and configuration; and apply all security measures across the network infrastructure.

By adopting these practices, organizations can build a more resilient security posture.

Top threats observed in 2024 include:

Identity-based attacks: These attacks accounted for 60% of all Cisco Talos Incident Response (IR) cases, with Active Directory identified as a prime target, representing 44% of such incidents. Additionally, 20% of identity-based compromises affected cloud applications, with APIs being particularly attractive due to their access to sensitive data.

Ransomware tactics: Last year, ransomware attacks continued to impact organizations globally, with attackers using valid accounts for initial access in nearly 70% of cases. Many ransomware operators successfully disabled security solutions, while the education sector was the most targeted industry due to budget constraints and extensive attack surfaces. Additionally, LockBit remained the most active ransomware-as-a-service (RaaS) group for the third consecutive year, despite increased law enforcement efforts.

Exploitation of Network Vulnerabilities: A major concern in 2024 was the persistent exploitation of older vulnerabilities, particularly those affecting widely used software and hardware. Many of the top-targeted network vulnerabilities impacted end-of-life (EOL) devices that no longer receive patches yet remain actively targeted by cybercriminals. The most frequently targeted vulnerabilities were older CVEs that have been public for several years.

Multi-Factor Authentication (MFA) Abuse: MFA abuse was another prevalent attack vector during the year. Based on Cisco Duo data, identity and access management (IAM) applications were the most frequently targeted in MFA attacks, accounting for nearly a quarter of related incidents. This highlights the critical need for robust MFA implementations and vigilant monitoring of IAM systems.

AI-Refined Cyber Threats: Despite industry speculation regarding AI-driven cyber threats, the report found that threat actors primarily used AI to refine existing techniques. Enhancements in social engineering tactics and task automation were the primary applications of AI, rather than the development of entirely new methods of attack.

Cisco Talos’ 2024 Year in Review provides valuable insights for cybersecurity professionals and organizations looking to enhance their defense strategies. By identifying key trends and offering actionable recommendations, the report serves as a critical resource for mitigating emerging cyber threats.

For more information, please visit https://talosintelligence.com/
