
DirectDefense Releases Annual Security Operations Threat Report Identifying Top Attack Tactics and Emerging Threats for 2025


Business Wire

Growing focus on identity compromise by bad actors requires organizations to enforce zero trust principles and employ strong identity verification

DENVER: DirectDefense, Inc., an information security services company, today released its “2025 Security Operations Threat Report” which identifies the type and frequency of threats, offers insight into attacker behavior and the evolution of security threats, and forecasts the biggest threats to be aware of for the remainder of 2025.

In 2024, DirectDefense processed more than 10 million log events, ensuring rapid detection, response, and mitigation of potential cyber threats. The company discovered that adversaries have refined their techniques, blending social engineering with AI and automation to evade detection. DirectDefense mapped these alerts to the MITRE ATT&CK® framework to identify these top five tactics:

1. Initial Access – The Gateway to Compromise

  • Most Observed Technique: Valid Accounts – leveraging stolen credentials for unauthorized access.
  • Alerts Triggered: First Ingress Authentication from Country, Multiple Country Ingress Authentications, Multiple Wireless Country Authentications.

2. Persistence – Remaining Hidden in the Environment

  • Most Observed Technique: MFA Interception – attackers manipulating MFA settings to maintain access.
  • Alerts Triggered: New MFA Authenticator App Added, Account Manipulation.

3. Lateral Movement – Expanding Control Across the Network

  • Most Observed Technique: Valid Accounts – using stolen credentials to escalate privileges.
  • Alerts Triggered: Lateral Movement – Local Credentials.

4. Execution – Deploying Malicious Payloads

  • Most Observed Technique: Malicious File Execution – tricking users into running malware via phishing and social engineering.
  • Alerts Triggered: Malicious File Detected.

5. Credential Access – Harvesting Sensitive Authentication Data

  • Most Observed Technique: Brute Force – automated attacks on authentication systems.
  • Alerts Triggered: Account Lockout Events.

These attack tactics highlight a growing focus on identity compromise by bad actors, which requires organizations to enforce zero trust principles and employ strong identity verification for all access requests. Additionally, organizations should:

  • monitor identity-based events rigorously to detect anomalous MFA registrations and account modifications
  • restrict lateral movement by implementing network segmentation and least privilege access
  • enhance endpoint defenses through behavior-based detections and real-time anomaly detection
  • strengthen password policies and enforce MFA with phishing-resistant methods

Emerging threats for 2025

Based on these attack tactics, the DirectDefense team identified emerging threats that top the list for security concerns:

  • Faster and more sophisticated attacks: The average time from initial access to domain control has shrunk to under two hours, while ransomware deployment occurs in as little as six hours.
  • AI’s double-edged sword: While AI helps cut through security alert noise, attackers are also leveraging AI to craft more convincing phishing attempts, deepfake scams, and automated attacks.
  • Security vendor consolidation risks: Major vendors like Fortinet and Cisco faced security vulnerabilities in 2024, highlighting the risks of relying on broad, one-size-fits-all security solutions.
  • Cloud environment threats: Companies struggle to secure multi-cloud environments, making cloud posture assessment and monitoring more critical than ever.
  • Remote work and third-party risks: Attackers continue to exploit vulnerabilities in remote access tools and third-party vendors, necessitating stricter access controls and monitoring.

The report also highlights the growing threat to critical industries and the shift from ransomware to extortion tactics. The types of attack tactics vary year to year, but DirectDefense’s report reflects how the techniques and executions attackers use evolve over time.

“Attackers have honed their techniques to become faster and more powerful against a company’s defenses; conversely, security solutions are less able to withstand attacks on their own and need constant monitoring and tuning,” said Jim Broome, President and Chief Technology Officer for DirectDefense. “As adversaries refine their techniques, organizations need to stay ahead by adapting their security posture. It’s not just about responding to threats—it’s about anticipating and mitigating them before they cause harm.”

The full report can be found here.

Follow DirectDefense

LinkedIn: https://www.linkedin.com/company/directdefense/
X: https://x.com/direct_defense
Blog: https://www.directdefense.com/resources/blog/

About DirectDefense, Inc.

DirectDefense provides enterprise risk assessments, penetration testing, ICS/SCADA security services, and 24/7 managed security services for companies of all sizes. Focused on building security resiliency, the firm offers comprehensive security testing services with specialization in application security, vulnerability assessments, penetration testing, and compliance assurance testing. Its team of highly talented consultants has worked with the majority of the Fortune 100 companies, in industries such as power and utility, gaming, retail, financial, media, travel, aerospace, healthcare, and technology. More information can be found at www.directdefense.com.

Source: Business Wire
