Year in Review: Attacks on identity and MFA

Year in Review: Attacks on identity and MFA

/in

Year in Review: Attacks on identity and MFA

For our third focussed topic for Talos’ 2024 Year in Review, we tell the story of how identity has become the pivot point for adversarial campaigns.

The main themes of this story are credential abuse, Active Directory exploits, and MFA workarounds. Valid account details was the #1 way attackers got in, and nearly half of identity attacks involved poking at AD. We also look at common MFA missteps (like no enrollment or misconfigured policies) and break down how attackers are bypassing protections with techniques like push fatigue and password spraying.

Take a look at this short but data-rich overview of identity attacks. For defenders, it may be able to help you to identify gaps in MFA implementations, understand the operational tradecraft attackers are using post-authentication, and how to align your defenses with what’s being seen in the wild.

Summary of Attacks on Identity and Multi Factor Authentication
Data that explores the types of identity attacks seen in the wild
2024YiR identity mfa.pdf
2 MB
download-circle

For a 60 second overview, have a watch of this video:

For the full analysis, download Talos’ 2024 Year in Review today.

Cisco Talos Blog – ​Read More

PE32 Ransomware: A New Telegram-Based Threat on the Rise PE32 Ransomware: A New Telegram-Based Threat on the Rise Microsoft Entra ID Lockouts After MACE App Flags Legit Users