The issue of identity exposure is becoming more prevalent, as a recent survey revealed that over 90% of organizations reported facing identity-related breaches within the past year. The impact of these breaches can be long-lasting, as indicated by SpyCloud’s 2024 Identity Exposure Report, which found that the average digital identity appears in nine breaches and is associated with 15 breach records.
In response to the escalating threat to identities, organizations are adopting new approaches and tools to enhance their cybersecurity defenses, such as passkeys. Despite these efforts, cybercriminals are still finding ways to evade these protections through sophisticated, next-generation identity attacks. By exploiting information stored by browsers, such as session cookies, API tokens, and form-fill data, criminals can bypass traditional authentication measures to take control of a user’s account.
To combat these evolving threats, organizations must expand their understanding of what constitutes a digital identity and implement proactive measures to defend against emerging attack methods.
Digital identities are no longer limited to just an email and password. With the vast amount of personal data shared online, criminals have access to a wide range of personally identifiable information (PII) for potential attacks. In 2023, the darknet contained over 200 unique types of PII, including birthdates, credit card details, passport information, and social security numbers. User identities now encompass hundreds of data types, from national IDs to social media handles, providing cybercriminals with vast datasets to use in conducting cybercrimes like identity theft and fraud.
Attackers can combine disparate data types to piece together information and carry out various cybercrimes. Research also indicates that over 74% of people exposed in breaches reused compromised passwords. As digital identities expand beyond traditional credentials, cybersecurity measures must evolve to keep pace with new trends.
One increasingly prevalent trend is cybercriminals using users’ session cookies to launch sophisticated attacks. The darknet saw over 20 billion exposed cookie records last year, with an average of more than 2,000 stolen records per malware-infected device. These cookies allow criminals to carry out attacks like session hijacking, in which they take control of a user’s online session using stolen cookies.
Passkeys and multifactor authentication do not protect against such attacks, as session hijacking bypasses the authentication process entirely. Criminals can combine stolen cookies with other information to mimic legitimate users, making detection challenging. With malware-driven attacks on the rise, organizations need to understand the threat posed by malware and how to mitigate it effectively.
In 2023, over 61% of data breaches were malware-related, highlighting the significant threat posed by infostealer malware. These malware strains can steal large amounts of data quickly and are often bundled with services aimed at evading detection by security solutions. With multiple infostealer families active on the darknet, organizations face a diverse and escalating threat landscape that requires a new approach to cybersecurity.
Current malware remediation strategies focus on addressing compromised devices but often overlook stolen identity data like session cookies. By proactively monitoring the darknet for compromised data, organizations can gain a comprehensive view of their attack surface and take steps to mitigate risks. Shifting to an identity-centric approach to malware remediation can help organizations proactively defend against infostealer malware and safeguard their data.
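The identity-centric remediation step described above can be sketched as follows. This is an added example, not code from the report or any vendor: the exposure-feed record fields, the `sid` cookie name, the domains, and the in-memory `SessionStore` are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample: cookie records recovered from infostealer logs, as an
# exposure feed might deliver them (field names are assumptions).
EXPOSED = [
    {"domain": "app.example.com", "name": "sid", "value": "c0ffee-1", "device": "DESKTOP-A1"},
    {"domain": "app.example.com", "name": "sid", "value": "expired-9", "device": "DESKTOP-A1"},
    {"domain": "other.example.net", "name": "sid", "value": "c0ffee-2", "device": "DESKTOP-A1"},
]

def token_hash(value):
    """Sessions are keyed by hash so the store never holds raw tokens."""
    return hashlib.sha256(value.encode()).hexdigest()

@dataclass
class SessionStore:
    """Hypothetical in-memory stand-in for the application's session table."""
    sessions: dict = field(default_factory=dict)  # token hash -> user

    def create(self, token, user):
        self.sessions[token_hash(token)] = user

    def revoke_user(self, user):
        gone = [h for h, u in self.sessions.items() if u == user]
        for h in gone:
            del self.sessions[h]
        return len(gone)

def remediate(store, exposed, our_domains, cookie_name="sid"):
    """Revoke every session of each user whose live cookie appears in the feed."""
    actions = {}
    for rec in exposed:
        if rec["domain"] not in our_domains or rec["name"] != cookie_name:
            continue  # cookie belongs to another site or is not the session cookie
        user = store.sessions.get(token_hash(rec["value"]))
        if user is None:
            continue  # already expired or rotated; nothing left to revoke
        actions[user] = {
            "sessions_revoked": store.revoke_user(user),
            "force_credential_reset": True,  # design choice: treat the whole device as exposed
            "infected_device": rec["device"],
        }
    return actions

def demo():
    store = SessionStore()
    store.create("c0ffee-1", "alice")     # stolen and still valid
    store.create("a11ce-phone", "alice")  # alice's second session
    store.create("b0b-1", "bob")          # unaffected user
    return remediate(store, EXPOSED, {"app.example.com"}), store
```

Cleaning the infected device alone would leave the `c0ffee-1` session usable; the remediation only closes that gap once the session is invalidated server-side.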
In conclusion, the evolving threats to digital identities require organizations to adapt their cybersecurity strategies to meet the challenges posed by sophisticated cybercriminal activities. By broadening their understanding of digital identities and implementing proactive measures to defend against emerging attack vectors, organizations can enhance their cybersecurity defenses and better protect their users’ identities.
