Riyadh: Cisco Talos, one of the world’s leading threat intelligence teams, has released its annual report, Cisco Talos 2024 Year in Review, revealing a significant rise in identity-based cyberattacks and the evolving strategies of threat actors.
According to the report, identity-based attacks accounted for 60% of all incident response cases handled by Cisco Talos in 2024.
Nearly 70% of ransomware incidents involved the use of valid credentials, underlining a growing trend of attackers leveraging legitimate accounts for initial access rather than relying on complex malware or zero-day vulnerabilities.
The education sector emerged as the most targeted industry, largely due to limited cybersecurity budgets and broad attack surfaces.
Active Directory was the most common target in identity-based breaches, making up 44% of such incidents, while 20% involved cloud applications, particularly APIs, which offer access to sensitive data.
The report highlights other key threats, including:
MFA abuse: Nearly a quarter of multi-factor authentication attacks targeted identity and access management applications, stressing the need for stronger implementations and vigilant monitoring.
Ransomware trends: LockBit remained the most active ransomware-as-a-service (RaaS) group for the third consecutive year.
Exploitation of older vulnerabilities: Cybercriminals continued to exploit known flaws in end-of-life systems.
AI in cybercrime: AI was primarily used to enhance social engineering and automate existing attack methods.
Fady Younes, Managing Director for Cybersecurity at Cisco (Middle East, Africa, Türkiye, Romania, and CIS), emphasized the importance of adopting proactive strategies like Zero-Trust Network Access (ZTNA) in response to evolving threats.
To counter these trends, Cisco Talos recommends that organizations install updates and security patches promptly, enforce strong authentication and access controls, train employees on best cybersecurity practices, encrypt all network traffic, and apply security measures across all systems.
The report, based on telemetry from over 46 million devices across 193 countries, serves as a critical guide for organizations looking to build resilient, identity-focused cybersecurity frameworks.