CloudTweaks | Identity management in 2025

While 99% of businesses plan to invest more in security, only 52% have fully implemented multi-factor authentication (MFA), and only 41% adhere to the principle of least privilege in access management.

Adversaries, including nation-states, state-funded attackers and cybercrime gangs, continue to sharpen their tradecraft using generative AI, machine learning (ML) and a growing AI arsenal to launch increasingly sophisticated identity attacks. Deepfakes, tightly orchestrated social engineering and AI-based identity attackssynthetic fraudliving-of-the-land (LOTL) attacks and many other technologies and tactics signal that security teams are in danger of losing the war against adversarial AI.

“Identity remains one of the hairiest areas of security—in really basic terms: you need authorization (authZ: the right to access) and authentication (authN: the means to access). In computer security, we work really hard to marry authZ and authN,” Merritt Baer, CISO at Reco.ai, told VentureBeat in a recent interview.

“What we have to do is make sure that we use AI natively for defenses because you cannot go out and fight those AI weaponization attacks from adversaries at a human scale. You have to do it at machine scale,” Jeetu Patel, Cisco’s executive vice president and chief product officer, told VentureBeat in an interview earlier this year.

The bottom line is that identities continue to be under siege, and adversaries’ continued efforts to improve AI-based tradecraft targeting weak identity security are fast-growing threats. The Identity Defined Security Alliance (IDSA) recent report, 2024 Trends in Securing Digital Identities, reflects how vulnerable identities are and how quickly adversaries are creating new attack strategies to exploit them.

The siege on identities is actual – and growing.

“Cloud, identity and remote management tools and legitimate credentials are where the adversary has been moving because it’s too hard to operate unconstrained on the endpoint. Why try to bypass and deal with a sophisticated platform like CrowdStrike on the endpoint when you could log in as an admin user?” Elia Zaitsev, CTO of CrowdStrike, told VentureBeat during a recent interview.

The overwhelming majority of businesses, 90%, have experienced at least one identity-related intrusion and breach attempt in the last twelve months. The IDSA also found that 84% of companies suffered a direct business impact this year, up from 68% in 2023.

“The future will not be televised; it will be contextual. It’s rare that a bad actor is burning a 0-day (new) exploit to get access—why use something special when you can use the front door? They are almost always working with valid credentials,” Baer says.

“80% of the attacks that we see have an identity-based element to the tradecraft that the adversary uses; it’s a key element,” Michael Sentonas, president of CrowdStrike, told the audience at Fal.Con 2024 this year. Sentonas continued, saying, “Sophisticated groups like Scattered Spider, like Cozy Bear, show us how adversaries exploit identity. They use password spray, they use phishing, and they use MTM frameworks. They steal legitimate creds and register their own devices.”

Why identity-based attacks are proliferating

Identity-based attacks are surging this year, with a 160% rise in attempts to collect credentials via cloud instance metadata APIs and a 583% spike in Kerberoasting attacks, according to CrowdStrike’s 2023 Threat Hunting Report.

The all-out attacks on identities emphasize the need for a more adaptive, identity-first security strategy that reduces risk and moves beyond legacy perimeter-based approaches:

Unchecked human and machine identity sprawl is rapidly expanding threat surfaces. IDSA found that 81% of IT and security leaders say their organizations’ number of identities has doubled over the last decade, further multiplying the number of potential attack surfaces. Over half the executives interviewed, 57%, consider managing identity sprawl a primary focus going into 2025, and 93% are taking steps to get in control of it. With machine identities continuing to increase, security teams need to have a strategy in place for managing them as well. The typical organization has 45 times more machine identities than human ones, and many organizations do not even know exactly how many they have. What makes managing machine identities challenging is factoring in the diverse needs of DevOps, cybersecurity, IT, IAM and CIO teams.

Growing incidence of adversarial AI-driven attacks launched with deepfake and impersonation-based phishing techniques. Deepfakes typify the cutting edge of adversarial AI attacks, achieving a 3,000% increase last year alone. It’s projected that deepfake incidents will go up by 50% to 60% in 2024, with 140,000-150,000 cases globally predicted this year.  Adversarial AI is creating new attack vectors no one sees coming and creating a new, more complex, and nuanced threatscape that prioritizes identity-driven attacksIvanti’s latest research finds that 30% of enterprises have no plans in place for how they will identify and defend against adversarial AI attacks, and 74% of enterprises surveyed already see evidence of AI-powered threats. Of the majority of CISOs, CIOs, and IT leaders participating in the study, 60% say they are afraid their enterprises are not prepared to defend against AI-powered threats and attacks…

Read Full Source: VentureBeat

By Louis Columbus