Threat actors are increasingly capable of compromising enterprise networks by utilizing legitimate tools and social engineering techniques, instead of relying on malware, making it harder for network defenders to detect malicious activity.

According to CrowdStrike CEO George Kurtz and President Michael Sentonas, 71 precent of enterprise cyberattacks in 2022 were executed without malware. Besides using legitimate tools which help mask their malicious activity, threat actors are employing increasingly complex social engineering tactics to gain access to a victim’s network. In one example, the "Spider" cybercrime group conducts in-depth intelligence gathering activities, with the threat actor spending more than an hour on the phone with the victim company’s help desk trying to get any insights that could fuel the next phase of social engineering. After identifying a specific user, Spider calls the user on the phone informing them their credentials have been compromised. Victims are then sent a malicious link and prompted to enter their login credentials and multifactor authentication (MFA) code, thus granting the threat actor access to the enterprise network. To defend against this activity, organizations are encouraged to collect as much telemetry as possible from the endpoint to the cloud environment and provide awareness training to employees to help defend against social engineering attacks. Read more at DarkReading.