Tech Revolt

Report: Identity Attacks Made Up 60% of 2024 Threats
Published April 9, 2025

Cisco Talos, one of the world’s most trusted threat intelligence teams, has released its annual report, ‘Cisco Talos 2024 Year in Review’, offering strategic insights into the evolving global cybersecurity landscape. The report, based on telemetry from over 46 million devices across 193 countries and regions—including the Middle East—analyses the most significant trends in threat actor behaviour, including identity attacks, ransomware, network vulnerabilities, and the role of artificial intelligence (AI) in cyber threats.

The findings reveal that in 2024, threat actors prioritised stealth and efficiency, leveraging simpler techniques rather than custom malware or zero-day vulnerabilities. Notably, identity-based attacks emerged as the dominant threat vector, while ransomware incidents increasingly exploited valid credentials to gain access.

Photo: Fady Younes, Managing Director for Cybersecurity at Cisco Middle East & Africa

Commenting on the report’s findings, Fady Younes, Managing Director for Cybersecurity at Cisco Middle East, Africa, Türkiye, Romania and CIS, stated: “The findings from Cisco Talos’ 2024 Year in Review highlight the critical need for a solid cybersecurity foundation. Cybercriminals are continually exploiting security gaps, demonstrating the essential nature of a proactive, identity-focused defence strategy. And with the emergence of remote and hybrid working models, implementing a Zero-Trust Network Access (ZTNA) strategy is key to ensuring that the correct security controls are in place while enhancing end-user experience. By staying aware of these evolving tactics, organisations can reinforce their security measures and more effectively shield themselves from new and emerging threats.”

To strengthen cybersecurity and protect against emerging threats, Cisco Talos shares five key recommendations: promptly install updates and patches; enforce strong authentication methods; implement best practices such as strict access controls, network segmentation, and employee training; encrypt all traffic for secure monitoring and configuration; and apply all security measures across the network infrastructure. By adopting these practices, organisations can build a more resilient security posture.

Top threats observed in 2024 include:

Identity-based attacks: These accounted for 60% of all Cisco Talos Incident Response (IR) cases, with Active Directory identified as a prime target, representing 44% of such incidents. Additionally, 20% of identity-based compromises affected cloud applications, with APIs proving particularly attractive due to their access to sensitive data.

Ransomware tactics: Last year, ransomware attacks continued to affect organisations globally, with attackers using valid accounts for initial access in nearly 70% of cases. Many ransomware operators successfully disabled security solutions, while the education sector was the most targeted industry due to budget constraints and extensive attack surfaces. LockBit remained the most active ransomware-as-a-service (RaaS) group for the third consecutive year, despite increased law enforcement efforts.

Exploitation of network vulnerabilities: A major concern in 2024 was the persistent exploitation of older vulnerabilities, particularly those affecting widely used software and hardware. Many of the top-targeted vulnerabilities impacted end-of-life (EOL) devices that no longer receive patches yet remain actively targeted by cybercriminals. The most frequently targeted vulnerabilities were older CVEs that have been public for several years.

Multi-Factor Authentication (MFA) abuse: MFA abuse was another prevalent attack vector during the year. Based on Cisco Duo data, identity and access management (IAM) applications were the most frequently targeted in MFA attacks, accounting for nearly a quarter of related incidents. This underscores the critical need for robust MFA implementations and vigilant monitoring of IAM systems.

AI-refined cyber threats: Despite speculation regarding AI-driven cyber threats, the report found that threat actors primarily used AI to enhance existing techniques. Improvements in social engineering tactics and task automation were the main applications of AI, rather than the creation of entirely new methods of attack.

Written By
Admin
