Mandiant recently issued its M-Trends 2026 Report, a must read for all cybersecurity professionals. The report provides several conclusions and insights, including that both nation states and run of the mill financially motivated threat actors are “integrating AI to accelerate the attack lifecycle.” These threat actors are “increasingly relying on large language models (LLMs) as a strategic force multiplier to move beyond mass email campaigns toward hyper-personalized, rapport-building, social engineering.”
Speaking of social engineering, the report also highlights that threat actors are using vishing campaigns more frequently and quite successfully. Vishing now holds the number two slot in how threat actors successfully attack companies. We have seen an increase in successful vishing campaigns, and the Mandiant Report confirms that threat actors are increasingly using this attack vector over other methods. This highlights the continued need to educate employees (including customer service representatives, help desk, and human resources employees) on these tactics and to implement internal processes to address identity management.
And, of course, ransomware is as prevalent and catastrophic as ever. The report concludes that ransomware attackers are increasing the pressure on companies to pay by “systematically targeting backup infrastructure, identity services, and virtualization management planes” to limit a company’s ability to recover. Therefore, Mandiant suggests that companies prioritize these areas to give them a better posture to recover.
The Mandiant Report provides a real-world analysis of recent threats (and suggestions to mitigate them) that is useful for security professionals to assess current risks.