惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

V2EX - 技术
V2EX - 技术
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Threat Research - Cisco Blogs
T
The Exploit Database - CXSecurity.com
S
Schneier on Security
S
Securelist
P
Privacy & Cybersecurity Law Blog
Scott Helme
Scott Helme
T
Threatpost
C
Cybersecurity and Infrastructure Security Agency CISA
L
LINUX DO - 热门话题
Cyberwarzone
Cyberwarzone
Cisco Talos Blog
Cisco Talos Blog
量子位
博客园 - Franky
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Latest news
Latest news
T
Troy Hunt's Blog
N
News | PayPal Newsroom
Google Online Security Blog
Google Online Security Blog
Apple Machine Learning Research
Apple Machine Learning Research
N
Netflix TechBlog - Medium
小众软件
小众软件
P
Palo Alto Networks Blog
Spread Privacy
Spread Privacy
C
Cyber Attacks, Cyber Crime and Cyber Security
C
Check Point Blog
aimingoo的专栏
aimingoo的专栏
WordPress大学
WordPress大学
L
Lohrmann on Cybersecurity
L
LINUX DO - 最新话题
D
Darknet – Hacking Tools, Hacker News & Cyber Security
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
The Last Watchdog
The Last Watchdog
S
Security @ Cisco Blogs
P
Privacy International News Feed
Last Week in AI
Last Week in AI
Microsoft Security Blog
Microsoft Security Blog
T
Tailwind CSS Blog
博客园_首页
云风的 BLOG
云风的 BLOG
V
Vulnerabilities – Threatpost
D
DataBreaches.Net
Recent Announcements
Recent Announcements
酷 壳 – CoolShell
酷 壳 – CoolShell
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
罗磊的独立博客
Engineering at Meta
Engineering at Meta
Forbes - Security
Forbes - Security
T
Tenable Blog

Latest news

Why I'm recommending last year's phones over 2026 models - with one exception This powerful Gemini setting made my AI results way more personal and accurate How to qualify for Apple's education discount - and get a $499 MacBook Neo for school T-Mobile will give you a Samsung Galaxy Watch 8 for free - how to get yours Prolonged AI use can be hazardous to your health and work: 4 ways to stay safe Verizon will give you a free iPad or Apple Watch with your next iPhone - how the deal works The best laptops of 2026: Expert tested and reviewed I hid 4 Bluetooth trackers (including AirTags) to test their reliability - here's how Android rivals compared I stopped using my iPhone's hotspot after testing this 5G router - and that won't change The best Kindles in 2026: Expert recommended Does Best Buy price match? Everything to know about matching prices online and in-store The best WordPress hosting services of 2026: Expert tested and reviewed The best Apple Watch of 2026: Expert tested and reviewed The best TV screen cleaners of 2026: Expert recommended The best 50-inch TVs of 2026: Expert tested I traded my Sonos Era 300 for Denon's new home speaker - and see no reason to go back AI-powered website builders have come a long way - here's your best option in 2026 Amazon just slashed $250 off the Google Pixel 10 - and a Prime subscription isn't required I found the apps slowing down my PC - how to kill the biggest memory hogs These companies are actually upskilling their workers for AI - here's how they do it Verizon will give you Meta Ray-Bans for free with this Fios Internet deal - how to get yours I tried the new Gemini app for Mac - it has one major advantage over the web version How Google's updated AI Mode will ease your tab clutter when you search Why this MagSafe battery pack is our readers' favorite model right now - especially at its price T-Mobile will give you a Google Pixel 10a for free - plus an extra gift OpenAI's Codex Desktop can run your computer now - and has its own browser Want to build a startup that gets acquired? This founder shares 5 proven tips Google to pay $135M settlement to Android phone users - how to claim your share if you qualify Want to stand out on LinkedIn? Try this career strategist's top 3 tips for strengthening your profile I've used Dell's new XPS 16 for a week, and it's the Windows laptop to beat in 2026 You can get 50% off YouTube Premium for 1 year right now - but the deal ends soon Tidal vs. Qobuz: I tried both hi-res streaming services, and they couldn't be more different This stroller turns into a carry on-suitcase, and I recommend it for traveling parents The best small business VoIP providers of 2026: Expert tested and reviewed Protect your devices with our pick for the best antivirus software, now over 60% off MacBook Neo vs. Surface: Why spiraling RAM prices are bruising Microsoft's PC business but not Apple's I tried Google's new desktop app for Windows, and I'll never search the old way again Microsoft's Windows 11 laptop deal for students comes with a $500 bonus - what's included You can buy an LG B5 OLED for $1,500 off at Best Buy - and it comes with a free 4K TV Why Zorin OS 18.1 is simply the best Linux distro - for anyone Why Netgear just got the first FCC router ban exemption in the US Microsoft's latest Windows update now confirms if your PC is Secure Boot-protected - how it works Can this $70 Linux app make up for the lack of Photoshop? I tried it to find out 'Like handing out the blueprint to a bank vault': Why AI led one company to abandon open source iPhone charging slowly? 6 quick fixes to try before blaming your battery Roku TV vs. Fire Stick: Why I'm looking beyond streaming resolution when comparing the two AI is getting better at your job, but you have time to adjust, according to MIT The best internal communication tools of 2026: Expert tested and reviewed Half of all US employees use AI at work now - and waste almost 8 hours a week doing it The latest Google Home update brings Gemini fixes that I'm actually excited to try again This simple email trick saves me from annoying marketing spam (and it's free to do) I've been subscribed to a data removal service a month now - what I wish I knew sooner I love Sony's new Bluetooth turntable, so why do I feel so conflicted using it Is your Pixel battery draining faster lately? These 4 temporary fixes helped me You can use Linux 7.0 on these 7 distros today - here's what to expect Chrome's new 'Skills' update lets you save AI prompts now - for one-click reuse How I share audio from my Android phone to multiple earbuds (and why it's a big deal) How to use Google Messages' new Trash feature to recover texts you accidentally deleted Why the Apple Watch's 20-minute calibration test is worth your time - especially if you're data curious I tested every 'allergy-friendly' smart home gadget - these 6 actually keep the pollen out Meta is selling refurbished Ray-Bans for as low as $197 right now - but they're going fast Setting a MagSafe charger on my nightstand was the iPhone upgrade I didn't know I needed I swapped my Sony WH-1000XM6 for lower-end JBL headphones, and they still sounded great I tested ChatGPT Plus vs. Gemini Pro to see which is better - and if it's worth switching I used the 'Plus Five' rule to fix my iPhone's slow wireless charging - here's how it works I tested Artix Linux: An enjoyable systemd-free distro for experienced users (and ChromeOS speeds) I spent two years testing wind power at home - here's why solar is still my preferred source I camera-tested the Samsung Galaxy S26 Ultra with Oppo and Xiaomi - this model won it for me How I boosted my portable solar panels' power by up to 30% - 11 expert-approved tips I see why Ubuntu 26.04 is more than just a performance bump for thrill-seeking gamers France is ditching Windows for digital sovereignty - and its new Linux stack is taking shape As an Android user, this MagSafe wallet is the clearest reason why Qi2 magnets shouldn't be ignored The best Zoom alternatives in 2026: Expert tested and reviewed KDE Linux is the purest form of Plasma I've used in months - but there's a catch LG C6 vs. LG C5: Why the 2025 model is still the smarter OLED TV model buy for me How I disabled 'fast startup' on my Windows 11 laptop to stop overnight battery drain 30 years later, I returned to Enlightenment Linux to test the Elive beta - and it's much better Here's my favorite email trick for cleaning up inbox clutter - automatically The $30 Google TV stick may be the budget Chromecast successor we've been waiting for The best AR and MR glasses in 2026: Expert tested and reviewed This handy electric screwdriver is now 50% off - here's where to snag the deal This Ryobi yard essentials bundle packs a free power tool - how to get yours After trying these boomless headphones in the office, I'm feeling hopeful for the future of work tech I used this EcoFlow battery to run my 3,000-sq-ft home in a blackout - here's how it kept my AC on Microsoft's Windows Insider Program is no longer a confusing mess Forget Shokz: I tried the Suunto Spark earbuds for a month, and they've sold me on air conduction iOS 26.4 brings essential upgrades to your iPhone - including a vital security fix YouTube Premium is getting a price increase in June - but you can save $32 with one change Your router may be vulnerable to Russian hackers, FBI warns: 5 steps to take now I walked 3,000 steps with my Apple Watch, Google Pixel, and Oura Ring - this tracker was most accurate I stopped guessing which AA batteries are dead - this charging station keeps them in check for me My favorite Android Auto find is these hidden shortcuts that are highly customizable AirDrop is coming to older Samsung phones - is yours supported? How to get it early I'm no longer using Google Photos as just a cloud storage - 5 tools that elevate the app The best data removal services of 2026: Expert tested and reviewed The best Samsung TVs of 2026: Expert tested and reviewed The best mobile scanning apps of 2026: Expert tested and reviewed The best HP laptops of 2026: Expert tested and reviewed After using Lenovo's new Yoga laptop, I'm wondering if Windows makers are running out of ideas Samsung S95H vs. Samsung S95F: I compared the OLED TVs and wasn't prepared for the upset
5 ways to fortify your network against the new speed of AI attacks
2026-05-19 · via Latest news
image-1.png
Jeffrey Hazelwood/ZDNET; Shutterstock

Follow ZDNET: Add us as a preferred source on Google.


ZDNET's key takeaways

  • Attacks on enterprise networks are becoming more frequent.
  • Cybercriminals are using AI, but humans remain the weakest link.
  • Defending against attacks requires structural changes to the network.

Here's the paradox of modern cyberwarfare: Increasingly, the attackers are using machines that can work orders of magnitude faster than the humans who control them. In response, the targets are increasingly turning to automated systems to detect and repel those intruders.

But in this machine-versus-machine combat, humans remain the center of each battle, and we mere mortals continue to be the weak point. That's the conclusion of this year's survey of the enterprise security landscape from Mandiant, a US cybersecurity firm -- now part of Google Cloud -- that specializes in investigating major global security breaches and advising organizations on how to protect themselves from cyber threats.

Also: Stopping bugs before they ship: The shift to preventative security

Modern enterprise networks are widely distributed and can hand off tasks to partners via software-as-a-service. The bad guys are doing the same thing, according to Mandiant, using a "division of labor" model: one group uses low-impact techniques like malicious advertisements or fake browser updates to gain access to a network, then hands off the compromised target to a secondary group for hands-on access.

And this all happens at a startling pace. In 2022, Mandiant reports, this "time to hand off" was more than eight hours. In 2025, thanks to automation, those hand-offs were happening after an average of just 22 seconds. Likewise, the window to compromise systems with zero-day exploits is also plummeting, with the mean time to exploit vulnerabilities dropping to seven days before vendors have had time to issue a patch.

Identifying the attackers

According to Mandiant, the majority of attackers conducting "hands-on-keyboard operations" in compromised enterprise networks can be divided into two groups with distinctly different tactics and pacing: Cybercriminals pursue financial gain, using tools like ransomware, while espionage groups optimize for long-term, stealthy access.

On one end of the spectrum, cyber criminal groups optimized for immediate impact and deliberate recovery denial. On the other end, sophisticated cyber espionage groups and insider threats optimized for extreme persistence, utilizing unmonitored edge devices and native network functionalities to evade detection.

Those "dwell times" -- that is, the time from intrusion to detection -- average 14 days, but cyber espionage incidents can last much longer, with a median dwell time of 122 days.

Also: The patching treadmill: Why traditional application security is no longer enough

Mandiant identified more than 16 industry verticals that are being targeted, with the high-tech sector (17%) and the financial sector (14.6%) at the top of the list.

Where the intrusions come from

No surprises here: Nearly one-third of detected intrusions come from exploits. The second most commonly observed vector is "highly interactive, voice-based social engineering," with groups targeting IT help desks "to bypass multifactor authentication (MFA) and gain initial access to software-as-a-service (SaaS) environments."

Also unsurprising is the increasing adoption of artificial intelligence tools for reconnaissance, social engineering, and malware development. After gaining access to a network, they report, "attackers are weaponizing AI ... the QUIETVAULT credential stealer was observed checking targeted machines for AI [command-line] tools to execute predefined prompts to search for configuration files and collect GitHub and NPM tokens."

Also: These 4 critical AI vulnerabilities are being exploited faster than defenders can respond

However, AI is still playing a secondary role. "Despite these rapid technological advancements," the report notes, "we do not consider 2025 to be the year where breaches were the direct result of AI. From our view on the frontlines, the vast majority of successful intrusions still stem from fundamental human and systemic failures."

The bad guys are moving faster and breaking things

The entire tech industry has learned from Mark Zuckerberg's infamous imperative for Facebook engineers: "Move fast and break things." That's also true for cybercriminals, who have discovered that ransomware attacks are even more effective when they also target the virtual infrastructure that supports backup tools:

Ransomware groups are no longer just encrypting data; they are actively destroying the ability to recover. ... actively deleting backup objects from cloud storage. ... By targeting the virtualization storage layer directly or encrypting hypervisor datastores, they can render all associated virtual machines inoperable simultaneously.

Also: 1 in 2 security leaders say they're not ready for AI attacks - 4 actions to take now

The good news is that the targets are getting smarter, too. "Organizations are improving their internal visibility. Across all 2025 investigations, 52% of the time organizations first detected evidence of malicious activity internally, an increase from 43% in 2024." The sooner you discover evidence of an intrusion, the sooner you can begin the recovery process.

How to fight back

As attackers get more sophisticated and persistent, IT workers have to step up their game as well. Mandiant's advice includes advanced training for employees and help desk staff on how to recognize modern attack vectors: recognizing social engineering attacks using voice-based tools and messaging apps, as well as unauthorized MFA reset requests.

Here are five other defensive strategies that involve changes in network infrastructure:  

  1. Treat virtualization and management platforms as Tier-0 assets with the strictest access constraints.
  2. To counter the destruction of recovery capabilities, decouple backup environments from the corporate Active Directory domain and utilize immutable storage.
  3. Deploy advanced threat detection across the entire ecosystem and extend log retention policies well beyond standard 90-day windows.
  4. Regularly audit SaaS integrations and route all SaaS applications through a central identity provider (IdP).
  5. Implement behavior-based detection models that flag anomalous activity and deviations from established baselines.

Also: Cloud attacks are getting faster and deadlier - here's your best defense plan

In its conclusion, Mandiant's researchers note that "identity is the new perimeter." Simply rotating passwords and enforcing MFA isn't enough anymore. Focusing on hardening identity controls and shifting to continuous identity verification, especially with third-party vendors, is crucial.