“What’s new — and growing fast — is the surge in identity-based attacks. According to our data, 67% of all critical and high-severity incidents Huntress reported in 2024 were identity-related. In the first two months of 2025 alone, that number jumped to 81%. Why the surg…”
T1539 Steal Web Session Cookie
56%
“’t stick to one surface. They pivot between endpoints and identities based on opportunity and defense gaps. Let’s walk through two common pivot paths. 1. Endpoint → Identity Step 1: Attacker phishes a user or exploits RDP to compromise an endpoint. Step 2: Dumps credentials …”
T1003 OS Credential Dumping
46%
“’t stick to one surface. They pivot between endpoints and identities based on opportunity and defense gaps. Let’s walk through two common pivot paths. 1. Endpoint → Identity Step 1: Attacker phishes a user or exploits RDP to compromise an endpoint. Step 2: Dumps credentials …”
T1078.004 Cloud Accounts
43%
“…points. Here, the endpoint compromise is the final stage, not the starting point. Real-world tradecraft These pivots aren’t theoretical. They’re happening daily. Case 1: Healthcare identity breach A threat actor used a doctor’s forgotten credentials to access a healthc…”
T1078.004 Cloud Accounts
42%
“’t stick to one surface. They pivot between endpoints and identities based on opportunity and defense gaps. Let’s walk through two common pivot paths. 1. Endpoint → Identity Step 1: Attacker phishes a user or exploits RDP to compromise an endpoint. Step 2: Dumps credentials …”
T1003 OS Credential Dumping
33%
“At a school district, a suspicious app named “xxx” was found with high-level permissions. It wasn’t malware — it was stealthware (rare, unknown apps used by attackers to create backdoors). - Huntress flagged the app, removed it, and walked the admin through restoring iden…”
T1556.006 Multi-Factor Authentication
32%
“digital fingerprint: credentials, tokens, MFA, permissions, session cookies, behaviors, and cloud-access patterns. Identity attacks typically follow a three-phase structure: - Credential theft or compromise - via phishing, adversary-in-the-middle (AiTM) attacks, or …”
T1071.001 Web Protocols
32%
“How EDR and ITDR elevate your security In cybersecurity, we talk about attack vectors like they operate in silos — endpoint threats over here, identity-based attacks over there. But the truth is attackers don’t care about our silos. They care about outcomes: access, persiste…”
T1111 Multi-Factor Authentication Interception
30%
“…points. Here, the endpoint compromise is the final stage, not the starting point. Real-world tradecraft These pivots aren’t theoretical. They’re happening daily. Case 1: Healthcare identity breach A threat actor used a doctor’s forgotten credentials to access a healthc…”
Summary
Threat actors are now exploiting both endpoints and identities in the latest cyberattacks. Learn about the rise of identity-based threats and why a combined EDR and ITDR approach is crucial for your cybersecurity.