For our third focussed topic for Talos' 2024 Year in Review, we tell the story of how identity has become the pivot point for adversarial campaigns.
The main themes of this story are credential abuse, Active Directory attacks, and MFA workarounds. Valid account usage was the #1 way attackers got in last year, and nearly half of identity attacks involved AD.
We also explore common MFA missteps (like no enrollment or misconfigured policies) and break down how attackers are bypassing protections with techniques like push fatigue and password spraying.
Take a look at this short but data-rich overview of identity attacks and MFA bypass. For defenders, it may help you identify gaps in MFA implementations, understand the operational tradecraft attackers are using post-authentication, and align your defenses with what’s being seen in the wild.
For a 60-second overview, watch this video:
For the full analysis, download Talos' 2024 Year in Review today.