Really good Sophos report on data from IR cases they deal with (mostly going to be crimeware due to their customer base, i.e. real operationally disruptive threat actors rather than pretend operation threats aka APTs).
You might think 'threat actors are sat in hoodies hacking the Matrix using generative AI!!!1!' but in reality 90% of attacks use Remote Desktop (i.e. point and click hackers) and follow the same basic paths over and over again successfully.
https://news.sophos.com/en-us/2024/12/12/active-adversary-report-2024-12/
Edited 171d ago