
A New Tactic by Cybercriminals: Combining Artificial Intelligence and Social Engineering
Top 5 Attack Tactics
🔹 Initial Access
Initial access is still the most common tactic, accounting for over 27% of alerts. In 2024, attackers frequently abused legitimate accounts using stolen credentials to gain unauthorized access to systems.
🔹 Persistence
To maintain their access to compromised networks, attackers use evasion techniques to avoid detection. This tactic was observed in 17% of incidents.
🔹 Lateral Movement
After breaching a system, attackers move laterally across the network to escalate access and reach sensitive data. This represents 10% of alerts and often involves the use of legitimate credentials.
🔹 Malicious Code Execution
This tactic focuses on executing malicious code to expand access or disrupt business operations. The T1204 technique (User Execution) is commonly used, typically via phishing emails, malicious downloads, and PowerShell-based attacks.
🔹 Credential Access
Attackers steal or crack credentials to deepen their access. Brute Force attacks (T1110) were seen in 6% of incidents, often indicated by account lockout events.
Ransomware Deployment Time Reduced to Hours
Major companies like Fortinet and Cisco often acquire other security firms to strengthen their solutions. However, such mergers can introduce new security risks for clients. In 2024, more than 100 new vulnerabilities (CVEs) were reported daily.
Attackers have refined their strategies, reducing the average time from initial breach to full network control to under 2 hours. What once took days for ransomware deployment now takes less than a day—sometimes just 6 hours. This rapid timeline leaves many companies unprepared.
Where attackers once avoided sectors like healthcare, utilities, and critical infrastructure, in 2024 they aggressively targeted all industries. For instance, American Water, the largest drinking water and wastewater provider in the U.S., was attacked.
AI Benefits Come with New Security Risks
In the past, ransomware was often the final objective. Now, attackers use it to steal data first, then deploy ransomware as a “signature” of the attack.
Organizations must balance the advantages of AI with its risks. Integrating AI expands the attack surface and increases the likelihood of data leaks or theft. Cybercriminals are leveraging AI so efficiently that traditional employee training may quickly become obsolete.
AI enables attackers to bypass typical phishing cues such as grammar mistakes, odd phrasing, or irrelevant content. They now combine social engineering, AI, and automation to evade detection.
Challenges in Monitoring Remote Workers
Many organizations still struggle to monitor remote employees, and the cost of rigorous oversight is too high for some.
Jim Broome, CTO of DirectDefense, notes:
“Attackers are evolving their techniques faster and more aggressively, while standalone security solutions can’t keep up. They require constant tuning and monitoring. Companies must adjust their security posture to stay one step ahead. It’s not just about reacting to threats—it’s about anticipating and neutralizing them before damage occurs.”
Source: Medadpress
www.medadpress.ir