The Rise of Social Engineering Attacks
China has adopted an operational-relay base model that relies on botnets of infected routers in the U.S. That’s because attacks “coming from inside the house” are easier to pass off as normal network activity.
Salt Typhoon, a Chinese advanced persistent threat actor, has become adept at targeting U.S. telecommunications companies, Meyers said.
Hands-on-keyboard attacks, in which the threat actor forgoes scripted commands in favor of manually handling the operation, accounted for 79% of all cyberattacks in 2024, according to the report.
Attackers using this method log in to a network with compromised user credentials and then move across the network via an application or browser. They often obtain these credentials by impersonating the user and calling the help desk for a password reset or, conversely, flooding a user with spam, then impersonating the help desk to send that person a link that bypasses authentication.
While it has numerous benefits, generative artificial intelligence is also making it easier to harvest credentials. Phishing emails written by generative AI had a click-through rate of 54%, compared with 12% for those written manually, according to the report.
In one instance, a company made a $25.6 million wire transfer in response to an emailed deepfake video. Companies are also unwittingly hiring North Korean attackers who create fake LinkedIn profiles with generative AI, then use deepfake videos during their interviews and rely on generative AI to answer the questions.
“Not only are these adversaries using different techniques, different capabilities, they’re also doing it faster,” Meyers said.
The average breakout time — the time it takes an adversary to move laterally within a network — was 48 minutes in 2024, down from 62 minutes the year before. The fastest breakout recorded was just 51 seconds, according to the report.
Some threat actors, known as access brokers, gain access to a target and then sell it to the highest bidder. This activity jumped 50% in 2024, per the report.