For our third focussed topic for Talos' 2024 Year in Review, we tell the story of how identity has become the pivot point for adversarial campaigns.
The main themes of this story are credential abuse, Active Directory exploits, and MFA workarounds. Valid account details was the #1 way attackers got in, and nearly half of identity attacks involved poking at AD. We also look at common MFA missteps (like no enrollment or misconfigured policies) and break down how attackers are bypassing protections with techniques like push fatigue and password spraying.
Take a look at this short but data-rich overview of identity attacks. For defenders, it may be able to help you to identify gaps in MFA implementations, understand the operational tradecraft attackers are using post-authentication, and how to align your defenses with what’s being seen in the wild.
For a 60 second overview, have a watch of this video:
For the full analysis, download Talos' 2024 Year in Review today.