Capital
Kaspersky’s 2025 Anatomy of a Cyber World report, based on data from MDR, Incident Response, Compromise Assessment, and SOC Consulting services, found that credential- and identity-focused attacks remain the most effective cyberattack techniques. The most common tactics linked to confirmed malicious incidents were password guessing (34.8%), local account creation (34.7%), valid account abuse (34.5%), account manipulation (32%), and network service discovery (31.2%). These techniques allow attackers to gain access, maintain persistence, escalate privileges, and move laterally within networks while often blending in with legitimate activity. The findings highlight the continued risks posed by weak or compromised credentials and insufficient visibility into account-related activities. According to Kaspersky, although the MITRE ATT&CK® framework documents numerous adversary techniques, organizations should prioritize detecting behaviors with the highest likelihood of malicious intent while minimizing false positives, a press release said.
“Threat actors do not always need sophisticated malware to achieve their objectives. In many cases, legitimate administrative tools and compromised accounts remain the fastest and most effective way to move inside an organization while avoiding detection. The continued popularity of these techniques shows that organizations need deep visibility into attacker behavior and the ability to correlate suspicious activity across different stages of an attack. To address these challenges, companies can enhance their security with our solutions: Kaspersky Managed Detection and Response and Incident Response which cover the entire incident management cycle – from threat detection to continuous protection and remediation,” comments Sergey Soldatov, Head of Security Operations Center at Kaspersky.
To learn more about attacker tactics and techniques, the characteristics of detected incidents and their distribution across regions and industry sectors, read the full report.
