Attackers focus on evasion by avoiding detection technologies to maintain network persistence for as long as possible. They target edge devices or use vulnerabilities in security and other solutions prevalent throughout enterprises. Of the incidents where the initial intrusion vector was identified, 38% started with an exploit and 17% with phishing.
Other key takeaways in this report include:
- Evolving phishing trends include attackers’ use of social media, SMS, and other communications technologies.
- Tactics to bypass multi-factor authentication, such as adversary-in-the-middle and other techniques.
- Cloud intrusion trends include targeting cloud infrastructure and attacker use of cloud resources.
- Use of AI in red and purple team engagements, focusing on how new technologies can help produce better outcomes for organizations.
In 2023, they most frequently responded to intrusions in order were:
- financial services organizations
- business and professional services
- high tech
- retail
- hospitality
- healthcare.