A recent Mandiant report analyzed recent cyberattack trends. Of the threat groups tracked by Mandiant, 55% of threat groups active in 2024 were financially motivated, which marks a steady increase from 52% in 2023 and 48% in 2022. 8% of threat groups were motivated by espionage, which is a slight decrease from 10% in 2023.   

The most common initial infection vector was exploits (33%) for the fifth consecutive year. Stolen credentials (16%) rose to the second most common in 2024, marking the first time this vector has reached this level, and demonstrating its rising popularity. The remaining top five vectors include email phishing (14%), web compromises (9%), and prior compromises (8%).

Financial (17.4%), business and professional services (11.1%), high tech (10.6%), government (9.5%), and healthcare (9.3%). These targeting trends are mostly consistent with prior years. External sources first alerted organizations of a compromise 57% of the time in 2024, while 43% of the time it was identified internally. External notifications are divided into 43% from entities such as law enforcement and cybersecurity vendors, and 14% from adversaries, often in the form of ransom notes.