IBM X-Force Report
Big Blue: "In cases where networks were compromised by attackers, IBM X-Force saw a shift to cybercriminals abusing administrative tools, instead of malware, to achieve their goals. "
Are you sure the local Admin wasn't pressured/bribed to share admin passwords and credentials ?