UPDATED 06:00 EDT / MARCH 31 2025

Cisco Talos report finds identity-based attacks drove majority of cyber incidents in 2024

A new report out today from Cisco Talos, a cybersecurity company that’s part of Cisco Systems Inc., found that in 2024, cybercriminals didn’t need zero-days or custom malware to wreak havoc: They just logged in, with identity-based attacks, misused legitimate tools and years-old vulnerabilities driving the majority of security incidents last year.

The findings come from the Talos 2024 Year in Review report, based on telemetry from more than 46 million devices across 193 countries and regions, analyzing more than 886 billion security events daily. The report found that identity attacks were involved in 60% of incidents, showing up in every phase of the attack lifecycle.

Attackers were often found to use valid credentials and native tools, not flashy new malware. Where identity wasn’t involved, old vulnerabilities were exploited, some decades old. For ransomware and multifactor authentication bypass, identity was the lead access path.

Identity was central across all attack phases: access, escalation, lateral movement and persistence. Of identity-based incidents, Active Directory was targeted in 44% of cases, while cloud application programming interface compromises accounted for 20% of identity-related incidents.

Identity-based attack motivations included ransomware at 50%, credential harvesting and resale at 32%, espionage at 10%, and financial fraud at 8%.

Facilitating identity-based attacks was a weakness in MFA, which was the top-observed security issue when it came to these sorts of attacks. Common MFA failures included having no MFA on virtual private networks, MFA exhaustion/push fatigue — where attackers flood a user’s device with repeated multi-factor authentication prompts in hopes the user will eventually approve one out of frustration or confusion — and improper enrollment monitoring.
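The push-fatigue pattern described above leaves a recognizable trace in authentication logs: a burst of denied or timed-out prompts for one account, ending in an approval. The following detection sketch is an added example, not taken from the Talos report or this article; the event schema, the threshold of five rejected prompts and the 10-minute window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA push events; hypothetical schema: (time, user, result).
SAMPLE_EVENTS = [
    ("2024-05-01T02:10:00", "alice", "denied"),
    ("2024-05-01T02:10:40", "alice", "timeout"),
    ("2024-05-01T02:11:15", "alice", "denied"),
    ("2024-05-01T02:12:05", "alice", "timeout"),
    ("2024-05-01T02:12:50", "alice", "denied"),
    ("2024-05-01T02:13:30", "alice", "denied"),
    ("2024-05-01T02:14:10", "alice", "approved"),  # approval after a flood
    ("2024-05-01T09:00:00", "bob", "denied"),      # single mis-tap, then success
    ("2024-05-01T09:00:30", "bob", "approved"),
    ("2024-05-01T08:00:00", "carol", "denied"),    # rejections spread over hours
    ("2024-05-01T09:00:00", "carol", "denied"),
    ("2024-05-01T10:00:00", "carol", "denied"),
    ("2024-05-01T11:00:00", "carol", "denied"),
    ("2024-05-01T12:00:00", "carol", "denied"),
    ("2024-05-01T12:01:00", "carol", "approved"),
]

def detect_push_fatigue(events, min_rejected=5, window=timedelta(minutes=10)):
    """Return (user, approval_time, rejected_count) for every approval that
    follows at least min_rejected denied/timed-out pushes inside the window."""
    recent = defaultdict(deque)  # user -> timestamps of rejected pushes
    alerts = []
    for ts_raw, user, result in sorted(events):  # ISO timestamps sort by time
        ts = datetime.fromisoformat(ts_raw)
        queue = recent[user]
        # Drop rejections that have aged out of the sliding window.
        while queue and ts - queue[0] > window:
            queue.popleft()
        if result in ("denied", "timeout"):
            queue.append(ts)
        elif result == "approved":
            if len(queue) >= min_rejected:
                alerts.append((user, ts_raw, len(queue)))
            queue.clear()  # a successful login starts a fresh sequence
    return alerts

if __name__ == "__main__":
    for user, when, count in detect_push_fatigue(SAMPLE_EVENTS):
        print(f"possible MFA fatigue: {user} approved at {when} after {count} rejected prompts")
```

An alert from this logic is a reason to contact the user and review the session that followed the approval, not proof of compromise on its own.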

MFA attacks often targeted identity and access management systems such as those from Citrix Systems Inc., Microsoft Corp. and Fortinet Inc.

Other findings in the report included that threat actors’ use of artificial intelligence was limited in 2024, with AI mainly being used to enhance social engineering and automation. Generative AI was also used for phishing campaigns, email lures and voice deepfakes.

The increasing adoption and expansion of capabilities from AI and large language models is noted in the report as presenting increasing concerns in 2025, specifically as agentic AI becomes capable of autonomous operations and as automated vulnerability discovery and exploitation become more common. AI systems themselves are noted as becoming more likely to be targeted, particularly as they are rolled out in supply chain pipelines.
