
DirectDefense Releases Annual Security Operations Threat Report Identifying Top Attack Tactics and Emerging Threats for 2025
DENVER--(BUSINESS WIRE)-- DirectDefense, Inc., an information security services company, today released its '2025 Security Operations Threat Report', which identifies the type and frequency of threats, offers insight into attacker behavior and the evolution of security threats, and forecasts the biggest threats to be aware of for the remainder of 2025.
In 2024, DirectDefense processed more than 10 million log events, ensuring rapid detection, response, and mitigation of potential cyber threats. The company discovered that adversaries have refined their techniques, blending social engineering with AI and automation to evade detection. DirectDefense mapped the resulting alerts to the MITRE ATT&CK® framework to identify the top five tactics:
1. Initial Access – The Gateway to Compromise
Most Observed Technique: Valid Accounts – leveraging stolen credentials for unauthorized access.
Alerts Triggered: First Ingress Authentication from Country, Multiple Country Ingress Authentications, Multiple Wireless Country Authentications.
2. Persistence – Remaining Hidden in the Environment
Most Observed Technique: MFA Interception – attackers manipulating MFA settings to maintain access.
Alerts Triggered: New MFA Authenticator App Added, Account Manipulation.
3. Lateral Movement – Expanding Control Across the Network
Most Observed Technique: Valid Accounts – using stolen credentials to escalate privileges.
Alerts Triggered: Lateral Movement – Local Credentials.
4. Execution – Deploying Malicious Payloads
Most Observed Technique: Malicious File Execution – tricking users into running malware via phishing and social engineering.
Alerts Triggered: Malicious File Detected.
5. Credential Access – Harvesting Sensitive Authentication Data
Most Observed Technique: Brute Force – automated attacks on authentication systems.
Alerts Triggered: Account Lockout Events.
These attack tactics highlight a growing focus on identity compromise by bad actors, which requires organizations to enforce zero trust principles and employ strong identity verification for all access requests. Additionally, organizations should:
monitor identity-based events rigorously to detect anomalous MFA registrations and account modifications
restrict lateral movement by implementing network segmentation and least privilege access
enhance endpoint defenses through behavior-based detections and real-time anomaly detection
strengthen password policies and enforce MFA with phishing-resistant methods
Emerging threats for 2025
Based on these attack tactics, the DirectDefense team identified emerging threats that top the list for security concerns:
Faster and more sophisticated attacks: The average time from initial access to domain control has shrunk to under two hours, while ransomware deployment occurs in as little as six hours.
AI's double-edged sword: While AI helps cut through security alert noise, attackers are also leveraging AI to craft more convincing phishing attempts, deepfake scams, and automated attacks.
Security vendor consolidation risks: Major vendors like Fortinet and Cisco faced security vulnerabilities in 2024, highlighting the risks of relying on broad, one-size-fits-all security solutions.
Cloud environment threats: Companies struggle to secure multi-cloud environments, making cloud posture assessment and monitoring more critical than ever.
Remote work and third-party risks: Attackers continue to exploit vulnerabilities in remote access tools and third-party vendors, necessitating stricter access controls and monitoring.
The report also highlights the growing threat to critical industries and the shift from ransomware to extortion tactics. The types of attack tactics vary year to year, but DirectDefense's report reflects how the techniques and executions attackers use evolve over time.
'Attackers have honed their techniques to become faster and more powerful against a company's defenses; conversely, security solutions are less able to withstand attacks on their own and need constant monitoring and tuning,' said Jim Broome, President and Chief Technology Officer for DirectDefense. 'As adversaries refine their techniques, organizations need to stay ahead by adapting their security posture. It's not just about responding to threats—it's about anticipating and mitigating them before they cause harm.'
The full report can be found here.
About DirectDefense, Inc.
DirectDefense provides enterprise risk assessments, penetration testing, ICS/SCADA security services, and 24/7 managed security services for companies of all sizes. Focused on building security resiliency, the firm offers comprehensive security testing services with specialization in application security, vulnerability assessments, penetration testing, and compliance assurance testing. Its team of highly talented consultants has worked with the majority of the Fortune 100 companies, in industries such as power and utility, gaming, retail, financial, media, travel, aerospace, healthcare, and technology. More information can be found at www.directdefense.com.