Rise in hands-on-keyboard cyberattacks highlights detection challenges

Despite advancements in AI-enhanced cyberattacks, manually executed hands-on-keyboard attacks remain a growing threat heading into 2025, reports CRN.

Adam Meyers, senior vice president of counter-adversary operations at CrowdStrike says manual attacks, which involve direct interaction with compromised systems rather than relying on malware or automated tools, are gaining traction among cybercriminals for their effectiveness and elusiveness. Meyers noted that these manual attacks are difficult for security tools to detect as they rely on behavioral patterns rather than malicious software or exploits. Hackers use standard tools like Microsoft Edge, PowerShell, Python, or Bash shells to navigate systems, making detection even more complex.

The risk escalates when these tactics are paired with cross-domain attack strategies. Hackers like the Scattered Spider group, known for high-profile attacks on MGM and Caesars Entertainment in 2023, leverage methods such as phishing for credentials, compromising cloud environments, and establishing persistence on endpoints through new user accounts. “If you’re only looking at one of those things — if you’re only looking at the endpoint — you’re not going to see the identity or the cloud activity. And that means that you’re missing an opportunity to stop that threat actor from becoming successful,” Meyers stressed.