Identity-based attacks
Attackers are increasingly impersonating legitimate users, machines, or services to gain access to systems, data, or infrastructure. According to some experts, the technique is on the upswing in part because security defenses have improved, and it also demonstrates attackers’ interest in targeting authentication mechanisms rather than exploiting software vulnerabilities directly.
“Endpoint detection and response technologies have pushed criminals into stealing credentials — or buying them from thieves — and then using them for authentication as account users,” says Tom Exelby, head of cybersecurity at UK-based cybersecurity services firm Red Helix. “Once they have access, they can augment their privileges through systems such as Microsoft Active Directory and Entra ID.”
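Instead of stealing passwords, attackers steal active authentication tokens to bypass multi-factor authentication (MFA) protections. Because such a token is issued only after the user has completed sign-in, MFA included, whoever presents it is treated as already authenticated.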
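A defender's view of the token theft described above, as an added example that is not from the original article: since a stolen token carries a completed MFA step with it, detection has to compare each use of a session against the client context in which MFA was performed. The log format, field names, sample events and severity rules are all constructed assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed sample events (not real logs). Columns are assumptions:
# time, user, session id, event type, source IP, user agent.
SAMPLE_LOG = """\
2024-05-01T09:00:02Z,alice,sess-a1,mfa_success,198.51.100.10,Edge/124 Windows
2024-05-01T09:05:40Z,alice,sess-a1,token_use,198.51.100.10,Edge/124 Windows
2024-05-01T09:07:13Z,alice,sess-a1,token_use,203.0.113.77,python-requests/2.31
2024-05-01T09:10:00Z,bob,sess-b7,mfa_success,192.0.2.5,Safari/17 macOS
2024-05-01T11:30:00Z,bob,sess-b7,token_use,192.0.2.99,Safari/17 macOS
2024-05-01T11:31:00Z,carol,sess-c3,token_use,203.0.113.77,curl/8.5
"""

def parse_events(text):
    """Yield one dict per log line, with the timestamp parsed."""
    fields = ["time", "user", "session", "event", "ip", "agent"]
    for row in csv.DictReader(io.StringIO(text), fieldnames=fields):
        row["time"] = datetime.strptime(row["time"], "%Y-%m-%dT%H:%M:%SZ")
        yield row

def find_token_replay(events):
    """Return alerts for token use that does not match the MFA context."""
    issued = {}   # session id -> event in which MFA completed
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event"] == "mfa_success":
            issued[ev["session"]] = ev
            continue
        origin = issued.get(ev["session"])
        if origin is None:
            # Token presented for a session whose MFA step was never seen.
            alerts.append((ev["session"], "high", "no MFA event for session"))
            continue
        changed = [k for k in ("ip", "agent") if ev[k] != origin[k]]
        if changed:
            # An IP change alone is common (roaming); a new client is not.
            severity = "high" if "agent" in changed else "low"
            alerts.append((ev["session"], severity, "changed: " + ",".join(changed)))
    return alerts

if __name__ == "__main__":
    for alert in find_token_replay(parse_events(SAMPLE_LOG)):
        print(alert)
```

The same comparison can be made against a device identifier or token-binding claim where the identity provider records one, which is less noisy than source IP.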
