
DirectDefense Releases Annual Security Operations Threat Report Identifying Top Attack Tactics and Emerging Threats for 2025

Business Wire

Growing focus on identity compromise by bad actors requires organizations to enforce zero trust principles and employ strong identity verification

DENVER: DirectDefense, Inc., an information security services company, today released its “2025 Security Operations Threat Report” which identifies the type and frequency of threats, offers insight into attacker behavior and the evolution of security threats, and forecasts the biggest threats to be aware of for the remainder of 2025.

In 2024, DirectDefense processed more than 10 million log events in the course of detecting, responding to, and mitigating potential cyber threats. The company found that adversaries have refined their techniques, blending social engineering with AI and automation to evade detection. DirectDefense mapped the resulting alerts to the MITRE ATT&CK® framework and identified these top five tactics:

1. Initial Access – The Gateway to Compromise

  • Most Observed Technique: Valid Accounts (ATT&CK T1078) – authenticating with stolen credentials rather than exploiting a vulnerability.
  • Alerts Triggered: First Ingress Authentication from Country, Multiple Country Ingress Authentications, Multiple Wireless Country Authentications.

2. Persistence – Remaining Hidden in the Environment

  • Most Observed Technique: MFA Interception – attackers adding or changing MFA factors on a compromised account so that access survives a password change. (In ATT&CK terms, registering a new authenticator is Account Manipulation: Device Registration, T1098.005; Multi-Factor Authentication Interception, T1111, is itself a Credential Access technique.)
  • Alerts Triggered: New MFA Authenticator App Added, Account Manipulation.

3. Lateral Movement – Expanding Control Across the Network

  • Most Observed Technique: Valid Accounts – reusing stolen credentials to authenticate to other hosts and escalate privileges.
  • Alerts Triggered: Lateral Movement – Local Credentials.

4. Execution – Deploying Malicious Payloads

  • Most Observed Technique: Malicious File Execution (ATT&CK User Execution: Malicious File, T1204.002) – tricking users into running malware via phishing and social engineering.
  • Alerts Triggered: Malicious File Detected.

5. Credential Access – Harvesting Sensitive Authentication Data

  • Most Observed Technique: Brute Force (ATT&CK T1110) – automated password guessing against authentication systems.
  • Alerts Triggered: Account Lockout Events.
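As an added example (not code from the report or from DirectDefense's platform), the identity alerts named above implemented as a single pass over a handful of constructed sign-in and audit events. The event schema, field names, the one-hour travel window, the five-failures-in-five-minutes brute-force threshold, and the 30-minute MFA correlation window are all assumptions; the ATT&CK IDs are the standard ones. The interesting part is the correlation: a new authenticator registered minutes after a login from a country the user has never used before is scored high, which is the Initial Access to Persistence sequence the list describes.

```python
"""Identity-centric detections over constructed sign-in/audit events (added example).

Alerts produced, with their ATT&CK mapping:
  First Ingress Authentication from Country   Initial Access    T1078
  Multiple Country Ingress Authentications    Initial Access    T1078
  New MFA Authenticator App Added             Persistence       T1098.005
  Brute Force / Account Lockout Event         Credential Access T1110
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, not real logs. Field names and schema are assumed.
EVENTS = [
    {"ts": "2025-03-01T08:00:00", "user": "alice", "event": "login", "result": "success", "country": "US", "ip": "203.0.113.10"},
    {"ts": "2025-03-01T08:20:00", "user": "alice", "event": "login", "result": "success", "country": "US", "ip": "203.0.113.10"},
    {"ts": "2025-03-01T09:05:00", "user": "alice", "event": "login", "result": "success", "country": "RO", "ip": "198.51.100.7"},
    {"ts": "2025-03-01T09:07:00", "user": "alice", "event": "mfa_method_added", "result": "success", "country": "RO", "ip": "198.51.100.7", "method": "authenticator_app"},
    {"ts": "2025-03-01T10:00:00", "user": "bob", "event": "login", "result": "failure", "country": "US", "ip": "192.0.2.5"},
    {"ts": "2025-03-01T10:00:10", "user": "bob", "event": "login", "result": "failure", "country": "US", "ip": "192.0.2.5"},
    {"ts": "2025-03-01T10:00:20", "user": "bob", "event": "login", "result": "failure", "country": "US", "ip": "192.0.2.5"},
    {"ts": "2025-03-01T10:00:30", "user": "bob", "event": "login", "result": "failure", "country": "US", "ip": "192.0.2.5"},
    {"ts": "2025-03-01T10:00:40", "user": "bob", "event": "login", "result": "failure", "country": "US", "ip": "192.0.2.5"},
    {"ts": "2025-03-01T10:00:41", "user": "bob", "event": "account_locked", "result": "n/a", "country": "US", "ip": "192.0.2.5"},
    {"ts": "2025-03-01T11:00:00", "user": "carol", "event": "login", "result": "success", "country": "DE", "ip": "203.0.113.77"},
]

TRAVEL_WINDOW = timedelta(hours=1)        # two countries inside this window: assumed threshold
MFA_CORRELATION = timedelta(minutes=30)   # MFA enrolment this soon after a new-country login: assumed
BRUTE_THRESHOLD, BRUTE_WINDOW = 5, timedelta(minutes=5)  # assumed brute-force threshold


def _parse(ts):
    return datetime.fromisoformat(ts)


def detect(events):
    """Single chronological pass over events; returns a list of alert dicts."""
    alerts = []
    seen_countries = defaultdict(set)   # user -> countries with a prior successful login (baseline)
    last_success = {}                   # user -> (time, country) of the most recent successful login
    recent_new_country = {}             # user -> time of the last First Ingress alert
    failures = defaultdict(deque)       # user -> timestamps of recent failed logins

    for e in sorted(events, key=lambda x: x["ts"]):
        t, user = _parse(e["ts"]), e["user"]

        if e["event"] == "login" and e["result"] == "success":
            country = e["country"]
            # T1078: first success from a country outside the user's baseline.
            # A user's very first login only seeds the baseline and does not alert.
            if seen_countries[user] and country not in seen_countries[user]:
                alerts.append({"alert": "First Ingress Authentication from Country", "tactic": "Initial Access",
                               "technique": "T1078", "user": user, "severity": "medium",
                               "detail": f"{country} from {e['ip']} at {e['ts']}"})
                recent_new_country[user] = t
            # Two successes from different countries inside TRAVEL_WINDOW.
            prev = last_success.get(user)
            if prev and prev[1] != country and t - prev[0] <= TRAVEL_WINDOW:
                alerts.append({"alert": "Multiple Country Ingress Authentications", "tactic": "Initial Access",
                               "technique": "T1078", "user": user, "severity": "high",
                               "detail": f"{prev[1]} then {country} within {(t - prev[0]).seconds // 60} min"})
            seen_countries[user].add(country)
            last_success[user] = (t, country)
            failures[user].clear()  # a successful login resets the brute-force counter

        elif e["event"] == "login" and e["result"] == "failure":
            # T1110: count failures in a sliding window; fire once when the threshold is crossed.
            q = failures[user]
            q.append(t)
            while q and t - q[0] > BRUTE_WINDOW:
                q.popleft()
            if len(q) == BRUTE_THRESHOLD:
                alerts.append({"alert": "Brute Force (failed logins)", "tactic": "Credential Access",
                               "technique": "T1110", "user": user, "severity": "medium",
                               "detail": f"{BRUTE_THRESHOLD} failures in {BRUTE_WINDOW.seconds // 60} min from {e['ip']}"})

        elif e["event"] == "account_locked":
            alerts.append({"alert": "Account Lockout Event", "tactic": "Credential Access",
                           "technique": "T1110", "user": user, "severity": "medium", "detail": e["ts"]})

        elif e["event"] == "mfa_method_added":
            # T1098.005: a new authenticator registered. Escalate when it follows a
            # new-country login within MFA_CORRELATION, the sequence the report describes.
            nc = recent_new_country.get(user)
            correlated = nc is not None and t - nc <= MFA_CORRELATION
            alerts.append({"alert": "New MFA Authenticator App Added", "tactic": "Persistence",
                           "technique": "T1098.005", "user": user,
                           "severity": "high" if correlated else "low",
                           "detail": f"{e.get('method')} from {e['country']}"
                                     + (" shortly after new-country login" if correlated else "")})
    return alerts


if __name__ == "__main__":
    for a in detect(EVENTS):
        print(f"[{a['severity']:6}] {a['tactic']:17} {a['technique']:9} {a['user']:6} {a['alert']}: {a['detail']}")
```

Run stand-alone, the sample produces three alerts for alice (new country, two countries within an hour, high-severity MFA enrolment), two for bob (brute force, lockout) and none for carol, whose first-ever login only seeds her baseline. In production the per-user baseline would be persisted rather than rebuilt from the batch, and the country field would come from IP geolocation at ingest.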

Four of these five tactics hinge on valid credentials rather than on exploits, which highlights a growing focus on identity compromise by bad actors and requires organizations to enforce zero trust principles and employ strong identity verification for every access request. Additionally, organizations should:

  • monitor identity-based events rigorously to detect anomalous MFA registrations and account modifications, particularly when they follow a sign-in from an unfamiliar location
  • restrict lateral movement by implementing network segmentation and least privilege access
  • enhance endpoint defenses through behavior-based detections and real-time anomaly detection
  • strengthen password policies and enforce MFA with phishing-resistant methods

Emerging threats for 2025

Based on these attack tactics, the DirectDefense team identified emerging threats that top the list for security concerns:

  • Faster and more sophisticated attacks: The average time from initial access to domain control has shrunk to under two hours, while ransomware deployment occurs in as little as six hours.
  • AI’s double-edged sword: While AI helps cut through security alert noise, attackers are also leveraging AI to craft more convincing phishing attempts, deepfake scams, and automated attacks.
  • Security vendor consolidation risks: Major vendors like Fortinet and Cisco faced security vulnerabilities in 2024, highlighting the risk of concentrating many controls on one broad, one-size-fits-all platform, where a single flaw exposes everything that depends on it.
  • Cloud environment threats: Companies struggle to secure multi-cloud environments, making cloud posture assessment and monitoring more critical than ever.
  • Remote work and third-party risks: Attackers continue to exploit vulnerabilities in remote access tools and third-party vendors, necessitating stricter access controls and monitoring.

The report also highlights the growing threat to critical industries and the shift from ransomware to extortion tactics. The dominant tactics vary from year to year, and DirectDefense's report tracks how the techniques attackers use, and how they execute them, evolve over time.

“Attackers have honed their techniques to become faster and more powerful against a company’s defenses; conversely, security solutions are less able to withstand attacks on their own and need constant monitoring and tuning,” said Jim Broome, President and Chief Technology Officer for DirectDefense. “As adversaries refine their techniques, organizations need to stay ahead by adapting their security posture. It’s not just about responding to threats—it’s about anticipating and mitigating them before they cause harm.”

The full report can be found here.

Follow DirectDefense

LinkedIn: https://www.linkedin.com/company/directdefense/
X: https://x.com/direct_defense
Blog: https://www.directdefense.com/resources/blog/

About DirectDefense, Inc.

DirectDefense provides enterprise risk assessments, penetration testing, ICS/SCADA security services, and 24/7 managed security services for companies of all sizes. Focused on building security resiliency, the firm offers comprehensive security testing services with specialization in application security, vulnerability assessments, penetration testing, and compliance assurance testing. Its team of highly talented consultants has worked with the majority of the Fortune 100 companies, in industries such as power and utility, gaming, retail, financial, media, travel, aerospace, healthcare, and technology. More information can be found at www.directdefense.com.

Source: Business Wire
