TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

F5 Labs

2023 Identity Threat Report: Executive Summary

2023-11-01 · Read original ↗

ATT&CK techniques detected

4 predictions
T1566.002Spearphishing Link
97%
“recently spoke to a security operations employee responsible for managing a commercial, off - the - shelf email phishing filter who said that their tool has a 95 % false positive rate for phishing mails. this means that phishing costs everybody whether they fall for one or not. w…”
T1110.004Credential Stuffing
89%
“stuffing is a numbers game. it hinges on the fact that people reuse passwords, but the likelihood that any single publicly compromised password will work on another single web property is still small. making credential stuffing profitable is all about maximizing the number of att…”
T1111Multi-Factor Authentication Interception
50%
“but aggregator and canary account traffic can make authentication success rate metrics unreliable. - the phishing industry has matured, with phishing kits and services driving down the requisite technical expertise and cost. - phishing appears to target financial organizations an…”
T1556.006Multi-Factor Authentication
40%
“okta want to get into the weeds on phishing ttps? yep, that ' s in the report too. multi - factor authentication bypass for more than a decade, the information security community has touted multi - factor authentication as a way to control identity risk. so of course attackers ha…”

Summary

Welcome to the fun-size version of our 2023 Identity Threat Report! If you only have 5 minutes to spare this is the place to start - and you can always download the full PDF for later.