Scan-and-exploit and stolen credentials remain top IAVs in ransomware attacks, accounting for nearly 72% of known IAVs. Law enforcement targeting of ransomware groups caused disruption and fragmentation, prompting new threat actor behaviors. Hacktivists continue to conduct denial of service or web site defacement campaigns against organizations linked to conflict zones. Adversary in the Middle phishing kits are increasingly used to bypass MFA.