Skip to main content

CYBERSTATS

Security Intelligence

Back to Home

For Persistence, the most observed technique by DirectDefense is MFA Interception, where attackers manipulate MFA settings to maintain access. Alerts triggered for Persistence include: New MFA Authenticator App Added, Account Manipulation.

DirectDefense
April 15, 2025
MITRE ATT&CKPersistenceMFA MFA interception

For Persistence, the most observed technique by DirectDefense is MFA Interception, where attackers manipulate MFA settings to maintain access. Alerts triggered for Persistence include: New MFA Authenticator App Added, Account Manipulation. — This cybersecurity statistic was published by DirectDefense in April 2025. It covers topics including MITRE ATT&CK, Persistence, MFA , MFA interception. The original data appears in 2025 Security Operations Threat Report. For the full methodology and detailed findings, refer to the original report.

Source

View Original Report

Published on 4/15/2025

Share or Copy this stat

Frequently Asked Questions

What does this statistic say?

For Persistence, the most observed technique by DirectDefense is MFA Interception, where attackers manipulate MFA settings to maintain access. Alerts triggered for Persistence include: New MFA Authenticator App Added, Account Manipulation. This data was published by DirectDefense and covers MITRE ATT&CK, Persistence, MFA , MFA interception.

Where does this data come from?

This statistic comes from 2025 Security Operations Threat Report, published by DirectDefense on April 15, 2025. You can view the original report at https://www.directdefense.com/gain-clarity/threat-report/.

What cybersecurity topics does this cover?

This statistic relates to MITRE ATT&CK, Persistence, MFA , MFA interception. Browse more statistics on MITRE ATT&CK or from DirectDefense.

Want More Statistics Like This?

Get the latest cybersecurity stats delivered to your inbox every week

Related Statistics

42% of MSPs now rely on MITRE ATT&CK Evaluations as their top vendor assessment resource.

Cynet7/23/2025
MSPMITRE ATT&CK

On average, enterprise SIEMs only have detection coverage for 21% of adversary techniques defined in the MITRE ATT&CK framework. This is a 2% increase in coverage from the 2024 report.

CardinalOps6/5/2025
SIEMMITRE ATT&CK

79% of MITRE ATT&CK Techniques used by adversaries are missed by enterprise SIEMs.

CardinalOps6/5/2025
SIEMMITRE ATT&CK

Growth in security alerts related to the MITRE security framework are up 30%

Akamai4/22/2025
MITRE ATT&CKAlerts

For Lateral Movement, the most observed technique by DirectDefense is Valid Accounts, using stolen credentials to escalate privileges. Alerts triggered for Lateral Movement include: Lateral Movement – Local Credentials.

DirectDefense4/15/2025
MITRE ATT&CKLateral movementValid accounts

For Initial Access, the most observed technique by DirectDefense is Valid Accounts, which involves leveraging stolen credentials for unauthorized access. Alerts triggered for Initial Access include: First Ingress Authentication from Country, Multiple Country Ingress Authentications, Multiple Wireless Country Authentications.

DirectDefense4/15/2025
MITRE ATT&CKInitial accessValid accounts

Browse by Topic

MITRE ATT&CKPersistenceMFA MFA interceptionMore from DirectDefense

Stay Ahead of Cyber Threats

Join 1,000+ security professionals getting weekly insights