Why Threat Actors Succeed

Source: Palo Alto Networks Blog

Author: Dan O’Day

URL: https://www.paloaltonetworks.com/blog/2025/10/why-threat-actors-succeed/

ONE SENTENCE SUMMARY:

Attacks succeed by exploiting weaknesses in organizations' security systems, such as complexity, visibility gaps, and excessive trust.

MAIN POINTS:

  1. Attackers succeed by finding and exploiting unaddressed vulnerabilities, the way water finds leaks.
  2. Cloud-related cases accounted for nearly a third of all cases, highlighting cloud security as a critical concern.
  3. IAM issues were prevalent, with 25% of investigated incidents lacking multi-factor authentication.
  4. Attackers employ techniques like defense evasion and EDR-disabling tools to blend in with normal activity.
  5. Complexity and disjointed security tools hinder detection and response, making attacks easier.
  6. Visibility gaps, especially in hybrid and cloud environments, allow attackers to exploit networks.
  7. Excessive trust leads to significant risks, with 41% of cases involving misuse of permissions.
  8. Attacks often exploit browser vulnerabilities and phishing methods.
  9. Cloud misconfigurations and unmanaged services exacerbate security risks.
  10. Solutions like integrating security tools and improved IAM can mitigate vulnerabilities.

TAKEAWAYS:

  1. Simplifying and integrating security tools is crucial for improved detection and response.
  2. Enhancing visibility across environments, including cloud, is key to defense.
  3. Reducing excessive trust and improving IAM can prevent privilege misuse.
  4. Partnerships with experts like Unit 42 offer valuable guidance and support.
  5. Continuous adaptation to evolving tactics is essential for effective security management.