Use of LOLBins, GitHub tools and Cobalt Strike also Widespread, Kaspersky says. Attackers are continuing to use previously seen tactics to gain entry to corporate networks, followed by using recognizable tools to reconnoiter and gain high-level access to systems. In 45% of investigations, the initial access vector could not be identified. In 37% of cases, files had already been forcibly encrypted, while 7% of the time data leakage had been discovered, and 3% suspected funds had gone missing.”]
Source: https://www.cuinfosecurity.com/top-initial-attack-vectors-passwords-bugs-trickery-a-17527