Introduction
Phishing has long been a primary method for cybercriminals to gain initial access to systems, but the latest trends show a significant shift in tactics. According to Mandiant’s M-Trends 2025 Report, the landscape of cyberattacks in 2024 has evolved dramatically, with phishing no longer leading the charge. This shift reflects a broader trend towards more sophisticated attack methods, such as credential theft and vulnerability exploitation, as the tools and techniques of cybercriminals become increasingly advanced. In this article, we will break down these findings, explore the rise of infostealers and insider threats, and discuss the impact on organizations’ cybersecurity strategies.
Key Trends in 2024 Cyberattacks
In 2024, phishing fell significantly as a method of initial access. Its share dropped from 22% in 2022 to just 14% in 2024, marking a continued decline. In contrast, vulnerability exploitation emerged as the dominant method, responsible for 33% of all initial access incidents, though this was a slight decrease from 38% in 2023.
Another significant development was the increase in attacks using stolen credentials, which rose from 10% in 2023 to 16% in 2024. This made stolen credentials the second most common form of initial access, reflecting how attackers have adapted to new ways of obtaining credentials, such as purchasing leaked credentials from underground markets, exploiting massive data leaks, and using malware like keyloggers and infostealers to harvest login details.
One alarming trend is the increase in insider threats, which accounted for 5% of attacks. This was especially notable with a surge in attacks tied to fake North Korean IT worker campaigns, which targeted organizations by leveraging trust and manipulating employees into handing over sensitive data.
Infostealers: The Growing Threat
Infostealers, a type of malware that gathers sensitive user data, have become one of the most concerning threats for organizations in 2024. Unlike phishing or credential stuffing, infostealers can collect a wide range of personal and corporate information from a single device. This is especially problematic when employees use personal devices for work, as these devices often fall outside the scope of corporate security measures.
One prominent example of infostealer attacks occurred in April 2024, when multiple customers of Snowflake, a cloud data warehousing platform, were compromised. In this instance, the attackers deployed infostealer malware on employees’ or contractors’ devices, which were then used to access Snowflake customer instances. The malware variants used included Vidar, RisePro, Redline, and several others, which are known for their ability to steal everything from credentials and browser data to cryptocurrency wallets.
Phishing Still Dominates Cloud Attacks
While phishing has decreased in general, it remains the most common initial access vector for cloud environments, making up 39% of attacks in 2024. This is followed by stolen credentials at 35%, SIM swapping at 6%, and voice phishing (vishing) also at 6%. Despite the decline in phishing overall, these figures highlight its continued prominence in cloud-based attacks.
The primary goal of these attacks was data theft, which occurred in roughly 66% of cases. Given the prevalence of phishing, Mandiant researchers stressed the importance of using adversary-in-the-middle (AiTM)-resistant multi-factor authentication (MFA) solutions, such as hardware security keys and mobile authenticator apps, to defend against these attacks.
Rise in Financially Motivated Attacks
Another key finding of the M-Trends 2025 Report was the steady increase in financially motivated attacks. In 2024, 55% of tracked threat groups were motivated by financial gain, up from 52% in 2023. This underscores the growing focus on economic rewards, rather than political or espionage-driven motives.
The financial sector remained the most targeted industry, with 17.4% of attacks directed at financial organizations. Other industries at high risk included business services, high-tech companies, government, and healthcare. These trends align with those observed in previous years, indicating a consistent targeting strategy by threat actors.
What Undercode Says:
The findings in
The rise of infostealers is particularly concerning. Unlike phishing, which typically targets a single set of credentials or an individual organization, infostealers can collect a wide range of data from infected devices. This makes them incredibly effective for cybercriminals seeking to compromise multiple systems or gather large-scale information. The fact that infostealers often evade traditional enterprise security solutions—especially when personal devices are used for work—presents a growing challenge for organizations. Businesses must reevaluate their security policies, including endpoint security for employee devices, to counter these threats effectively.
Another trend worth noting is the continued prominence of insider threats. While not as widespread as external attacks, insider threats, particularly those facilitated by fake IT worker campaigns, represent a unique challenge. Insider threats can be difficult to detect, as they often involve individuals who already have legitimate access to sensitive systems and data.
Despite the reduced role of phishing in overall cyberattacks, its dominance in cloud environments shows that organizations must remain vigilant. Cloud services are an attractive target for cybercriminals because of their scale and importance to businesses. Cloud-based attacks often have far-reaching consequences, as seen in cases of data theft.
Lastly, the steady rise in financially motivated attacks is a reminder of the economic incentives driving much of today’s cybercrime. Financially motivated cybercriminals are constantly adapting their methods to exploit new vulnerabilities and capitalize on emerging technologies. This trend further underscores the importance of implementing robust security measures, especially in industries like finance and healthcare, where the stakes are particularly high.
Fact Checker Results
The data in Mandiant’s M-Trends 2025 Report is consistent with findings from previous years, reinforcing the trends seen in 2023. Phishing’s decline, the rise in credential theft, and the focus on infostealers align with global cyberattack patterns observed across various industries. The increase in financially motivated attacks confirms the growing trend of cybercrime driven by financial gain.
References:
Reported By: www.infosecurity-magazine.com