Cisco Talos Blog: Year in Review: Attacks on identity and MFA

Source URL: https://blog.talosintelligence.com/year-in-review-attacks-on-identity-and-mfa/
Source: Cisco Talos Blog
Title: Year in Review: Attacks on identity and MFA

Feedly Summary: For the third topic for Talos’ 2024 Year in Review, we tell the story of how identity has become the pivot point for adversarial campaigns.

AI Summary and Description: Yes

**Summary:** The text discusses identity as a crucial factor in adversarial campaigns, specifically focusing on credential abuse, Active Directory (AD) exploits, and weaknesses in multi-factor authentication (MFA). It emphasizes the prevalence of identity attacks, the methods used by attackers, and provides actionable insights for defenders to strengthen their MFA implementations.

**Detailed Description:** The text centers on identity attacks in 2024, presenting valuable data and insights critical for security professionals, particularly in the context of cloud computing security and information security.

Key points include:

– **Identity as a Target:**
  – Identity has emerged as a primary target for cyber adversaries.
  – The analysis indicates that valid account credentials are the most significant initial entry point for attackers.

– **Credential Abuse and Active Directory Exploits:**
  – Credential abuse remains a prevalent method for unauthorized access.
  – Almost half of the identity attacks analyzed involved exploiting Active Directory.

– **Multi-Factor Authentication Vulnerabilities:**
  – Common missteps in MFA usage include:
    – Lack of enrollment in MFA solutions.
    – Misconfigured policies that fail to enforce proper security measures.
  – Attackers are employing tactics such as “push fatigue” (repeated push notifications that wear users down until one is approved) and “password spraying” (guessing a few common passwords across many accounts to stay under per-account lockout thresholds).

– **Actionable Insights for Defenders:**
  – The analysis aims to help security practitioners identify gaps in their MFA implementations.
  – It also describes the operational techniques attackers use after authenticating, which can guide defenders in aligning their controls with the threats observed in real-world incidents.
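The two tactics named above leave distinct traces in authentication logs. The following is an added illustration, not code from Talos or the summarized report: it runs simple detection logic over a constructed sample of sign-in and MFA push events (the event tuple format, thresholds and time windows are assumptions).

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth events, not real data: (timestamp, user, source_ip, kind, result)
SAMPLE_EVENTS = [
    ("2024-06-01T08:00:00", "alice", "203.0.113.5", "password", "fail"),
    ("2024-06-01T08:00:02", "bob",   "203.0.113.5", "password", "fail"),
    ("2024-06-01T08:00:04", "carol", "203.0.113.5", "password", "fail"),
    ("2024-06-01T08:00:06", "dave",  "203.0.113.5", "password", "fail"),
    ("2024-06-01T08:00:08", "erin",  "203.0.113.5", "password", "success"),
    ("2024-06-01T09:10:00", "erin",  "203.0.113.5", "mfa_push", "denied"),
    ("2024-06-01T09:10:30", "erin",  "203.0.113.5", "mfa_push", "denied"),
    ("2024-06-01T09:11:00", "erin",  "203.0.113.5", "mfa_push", "timeout"),
    ("2024-06-01T09:11:40", "erin",  "203.0.113.5", "mfa_push", "approved"),
    ("2024-06-01T10:00:00", "frank", "198.51.100.7", "password", "fail"),
    ("2024-06-01T10:01:00", "frank", "198.51.100.7", "mfa_push", "approved"),
]
_ts = datetime.fromisoformat

def detect_password_spray(events, window=timedelta(minutes=10), min_accounts=4):
    """Source IPs whose password failures span >= min_accounts users in `window`.
    Spraying stays under per-account lockout, so the signal is breadth per source."""
    by_ip = defaultdict(list)
    for ts, user, ip, kind, result in events:
        if kind == "password" and result == "fail":
            by_ip[ip].append((_ts(ts), user))
    flagged = {}
    for ip, fails in by_ip.items():
        fails.sort()
        for i, (start, _) in enumerate(fails):
            users = {u for t, u in fails[i:] if t - start <= window}
            if len(users) >= min_accounts:
                flagged[ip] = users
                break
    return flagged

def detect_push_fatigue(events, window=timedelta(minutes=5), min_pushes=3):
    """Users who got >= min_pushes push prompts in `window` and approved only after
    earlier denials or timeouts: the pattern of a user worn down into accepting."""
    by_user = defaultdict(list)
    for ts, user, _ip, kind, result in events:
        if kind == "mfa_push":
            by_user[user].append((_ts(ts), result))
    flagged = []
    for user, pushes in sorted(by_user.items()):
        pushes.sort()
        for i, (start, _) in enumerate(pushes):
            burst = [r for t, r in pushes[i:] if t - start <= window]
            if len(burst) >= min_pushes and burst[-1] == "approved" and "approved" not in burst[:-1]:
                flagged.append(user)
                break
    return flagged
```

Both detectors key on what single-account lockout counters miss: breadth of accounts per source for spraying, and a burst of prompts ending in a late approval for push fatigue. Real deployments would also correlate the approving push with the source of the preceding password success.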

This overview is crucial for security professionals who need to adapt their strategies in response to evolving attack vectors, particularly in the domain of identity and access management. The content underscores the importance of maintaining robust MFA practices and continuously monitoring and refining policies to mitigate risks associated with identity exploitation.