Identity

Cybercriminals are increasingly using sophisticated identity-based attacks (phishing, social engineering, leveraging compromised credentials) to gain access as trusted users and move laterally across systems undetected.

We spoke to Cristian Rodriguez, field CTO, Americas at CrowdStrike, about the company’s recent research into these attacks and now organizations can defend against them.

AI-powered fraud is evolving faster than most organizations can detect it. That’s the message from Proof, the identity authorization company, in its new report, The Trust Ledger: Transaction & Identity Fraud Bulletin.

The research reveals how synthetic identities, stolen credentials, and generative AI are fueling a surge in digital impersonation and fraud across industries.

Recent high-profile attacks have placed increased emphasis on the software supply chain and the need to understand where code has originated.

A developer's coding style is as unique as their fingerprint and, thanks to artificial intelligence, it’s possible to identify an author based on a short code segment. Felix Mächtle, a researcher at the University of Lübeck and member of the AI Grid research network, has developed a tool that does just that. We spoke to him to learn more.

Organizations are continuing to struggle to identify and address security vulnerabilities in hybrid identity systems such as Active Directory, Entra ID, and Okta.

This is among the findings of a new report, from AI-powered identity security and cyber resilience company Semperis, which is based on results from Purple Knight a free Active Directory security assessment tool by Semperis that has been downloaded by 45,000+ organizations.

Advanced phishing kits and info-stealing malware have accounted for a 156 percent jump in cyberattacks targeting user logins.

A new report from cybersecurity company eSentire shows attackers are increasingly opting for obtaining login credentials and session cookies via phishing or malware. This then allows them to carry out Business Email Compromise (BEC) attacks, gain access to bank accounts, or steal cryptocurrency.

Microsoft Active Directory (AD) turned 25 earlier this year -- remarkable longevity in the technology world. It’s the identity backbone for more than 80 percent of enterprises, meaning a breach could be catastrophic.

We spoke to Sean Deuby, principal technologist at Semperis, to look at the top considerations for protecting AD for the future, as most organizations he talks to have no plans to move on from the aging technology.

The first day of May has numerous competitors for its patronage. It's May Day, of course, and it's International Labor Day, and apparently it's Global Love Day. Since 2013 it's also been World Password Day -- created by Intel to highlight concerns around digital security.

As of last year though there's been further competition from the upstart World Passkey Day. So are we finally seeing a serious challenge to the dominance of passwords as an authentication method?

A new AI security report from Check Point Software shows how cybercriminals are co-opting generative AI and large language models (LLMs) in order to damage trust in digital identity.

At the heart of these developments is AI's ability to convincingly impersonate and manipulate digital identities, dissolving the boundary between authentic and fake.

New research highlights the growing threat of identity-based attacks and looks at organizations ability to defend against them.

The study from Huntress shows 67 percent of organizations reported an increase in identity-based incidents over the past three years, with these attacks comprising more than 40 percent of security incidents for 35 percent of organizations in the past year alone.

Analysis of almost 93,000 threats detected within more than 308 petabytes of security telemetry by Red Canary shows infostealer malware infections on the rise across both Windows and macOS platforms.

Used to gather identity information and other data at scale, in 2024 LummaC2 was the most prevalent stealer detected in 2024, operating under a malware-as-a-service model, and selling for anywhere from $250 per month to a one-time payment of $20,000.

The year 2025 will not be a revolutionary one, it will be evolutionary, with developments coming into effect that were necessitated by events and happenings in 2024, and solutions to address these events reaching maturity levels that allow an appropriate, comprehensive response. With threats like ransomware certain to continue, identity resilience is going to become more important in the year ahead and, as such, identity will become the critical component of security.

This shift in emphasis started to take place in 2024, but there will be a greater focus on it among business leaders in the year ahead as they start to understand that identity is one of the biggest threats to any organization as it is a key vector for attackers.

Identity is at the root of most cyberattacks, but although we're seeing greater adoption of things like biometrics we still rely heavily on passwords.

There's added complication in the form of soaring numbers of machine identities too. Here's what some industry leaders think the identity landscape has in store for 2025.

Automations empowered by artificial intelligence are reshaping the business landscape. They give companies the capability to connect with, guide, and care for customers in more efficient ways, resulting in streamlined processes that are less costly to support.

However, AI-powered automations also have a dark side. The same capabilities they provide for improving legitimate operations can also be used by criminals intent on identity theft. The rise of low-cost AI and its use in automations has empowered scammers to widen their nets and increase their effectiveness, leading to a drastic increase in identity theft scenarios.

As we approach the peak holiday shopping season a new survey of nearly 400 IT security decision-makers and retail customers from identity specialist HYPR shows that 58 percent of retail organizations experienced at least one authentication-related breach and 65 percent were victims of identity fraud over the last 12 months.

Retailers have suffered losses of up to $6.27 million in the last year alone due to insecure authentication methods. By contrast financial institutions reported only $4.57 million lost during the same period.

Nearly half of businesses admit they are only partially confident in their ability to detect deepfakes, leaving them vulnerable to escalating fraud risks according to a new report.

The report from identity solutions company Regula shows 59 percent of businesses consider video deepfakes a serious threat, while 58 percent feel the same about audio deepfakes.