Organisations that fall victim to cyber attacks are most commonly notified by external parties, according to new findings.
Google’s cyber security firm, Mandiant, has released its M-Trends 2025 report, outlining the trends in the current cyber security landscape.
“By providing data and other security metrics in M-Trends, along with deeper dives on attacker trends, we illustrate how threat actors are conducting their operations, how they are achieving their goals, and what organisations need to be doing to prevent, detect, and respond to threats,” said Mandiant.
A key finding within the report is that the majority of organisations still only discover compromise when an external party reaches out, whether that be a third party such as a cyber security firm, law enforcement or media publication, or a threat actor sending a ransom note or other form of communication.
“The majority of organisations, 57 per cent, first learned of a 2024 compromise from an external source,” said Mandiant.
That 57 per cent comprises 43 per cent of organisations that discovered compromise after being notified by an external source, the same percentage as organisations that discovered threats internally.
The remaining 14 per cent discovered compromise after being notified by an adversary.
“Adversary notifications typically take the form of ransom notes and represented 14 per cent of total detection sources in 2024,” said Mandiant.
Within the Japan and Asia Pacific region, external detection represents an even larger percentage, with 69 per cent of detections discovered externally.
The latest findings represent only a small increase from the previous year, when 54 per cent of compromises were discovered externally and 46 per cent internally.
Mandiant also found that exploits continue to be the most common initial infection vector for the fifth year in a row.
The firm said its investigations found that roughly a third (33 per cent) of all initial infections were the result of exploits.
Stolen credentials were second at 16 per cent, the first time this vector has been in the silver position. This represents an increase in stolen credentials being used for compromise. Mandiant said that info-stealer malware is being increasingly deployed to steal credentials for compromise.
“A key takeaway from M-Trends 2025 is that attackers are seizing every opportunity to further their objectives,” said Mandiant.
“One way they are doing this is through the use of info-stealer malware, which is increasingly being used to enable intrusions using stolen credentials.”