Why account takeovers are on the rise and how to stop them

8 Min Read

Organizations now manage hundreds of human and non-human identities across cloud services, software-as-a-service applications, endpoints, and remote environments. As hybrid work, bring your own device (BYOD), and third-party access continue to grow, security teams are losing track of who has access to what and whether that access can be trusted.

Attackers take advantage of that complexity because it is often faster and quieter to compromise an account than to directly exploit vulnerabilities in the infrastructure. For defenders, detecting malicious activity associated with legitimate identities remains one of the biggest security challenges today.

So what is causing the rise in account takeover attacks? How can organizations protect their identities?

Phishing sessions instead of passwords

Credential abuse is one of the most reliable ways for attackers to gain access to organizations, accounting for 22% of breaches in 2025. Attackers obtain usernames and passwords through information-stealing malware, phishing campaigns, or credential dumps from earlier breaches.

Multi-factor authentication (MFA) remains one of the most important defenses against account compromise, but attackers are using tactics that target the authentication process itself.

One common technique is MFA fatigue, also known as prompt bombing. This involves repeatedly triggering MFA authorization requests until the user finally approves one, usually out of frustration with the barrage of notifications.


A well-known example occurred in 2022, when attackers targeted Uber employees with repeated MFA prompts until they were approved.

This initial access allowed the attackers to escalate privileges and move deeper into Uber's environment, ultimately compromising much of the cloud infrastructure and exfiltrating employee data.
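The MFA fatigue pattern described above leaves a recognizable trace in authentication logs: a burst of denied or unanswered pushes for one user, sometimes ending in an approval. The following detection sketch is an added example, not code from the original article or from Specops; the log fields, the 10-minute window, and the threshold of five prompts are assumptions to be tuned per environment.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed MFA push log: (timestamp, user, result). Field names are assumed.
SAMPLE_EVENTS = [
    ("2025-03-01T02:10:00", "alice", "denied"),
    ("2025-03-01T02:11:00", "alice", "timeout"),
    ("2025-03-01T02:12:00", "alice", "denied"),
    ("2025-03-01T02:13:00", "alice", "denied"),
    ("2025-03-01T02:14:00", "alice", "timeout"),
    ("2025-03-01T02:15:00", "alice", "denied"),
    ("2025-03-01T02:16:00", "alice", "approved"),   # gives in after the burst
    ("2025-03-01T09:00:00", "bob", "denied"),       # one mistaken tap
    ("2025-03-01T09:00:30", "bob", "approved"),
    ("2025-03-01T10:00:00", "carol", "timeout"),    # slow, spread-out prompts
    ("2025-03-01T10:30:00", "carol", "timeout"),
    ("2025-03-01T11:00:00", "carol", "approved"),
]

WINDOW = timedelta(minutes=10)   # assumed tuning value
THRESHOLD = 5                    # unapproved prompts inside WINDOW (assumed)

def detect_mfa_fatigue(events, window=WINDOW, threshold=THRESHOLD):
    """Flag prompt bursts, and approvals that arrive right after one."""
    unapproved = defaultdict(deque)   # user -> recent denied/timeout times
    alerts = []
    for ts_raw, user, result in sorted(events):
        ts = datetime.fromisoformat(ts_raw)
        recent = unapproved[user]
        while recent and ts - recent[0] > window:
            recent.popleft()          # drop prompts older than the window
        if result in ("denied", "timeout"):
            recent.append(ts)
            if len(recent) == threshold:
                alerts.append((user, ts_raw, "prompt_burst"))
        elif result == "approved":
            if len(recent) >= threshold:
                # Highest-severity case: the burst ended in an approval.
                alerts.append((user, ts_raw, "approved_after_burst"))
            recent.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_EVENTS):
        print(alert)
```

An `approved_after_burst` alert is the one to act on first, since the session it created should be treated as attacker-controlled until the user confirms otherwise.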

Attackers also use adversary-in-the-middle frameworks and session hijacking tools to bypass MFA entirely by stealing authenticated session tokens after login.

Credential phishing attacks are bypassing traditional protections

Phishing for credential theft remains popular, and the latest attacks have taken it to a new level. Attackers are now using legitimate hosting services, trusted domains, reverse proxies, and AI-generated content to create phishing pages that closely mimic genuine login portals.

Threat researchers at Outpost24, Specops' parent company, recently discovered a phishing campaign leveraging legitimate Cisco domains in multi-chain redirect attacks aimed at evading detection and increasing credibility.

Campaigns like this demonstrate how difficult it can be to identify phishing attacks, even for security-conscious users.

Verizon's Data Breach Investigations Report found that 44.7% of breaches involved stolen credentials.

Easily protect your Active Directory with compliant password policies, block over 4 billion leaked passwords, improve security, and dramatically reduce support effort.

Try it for free

Devices are expanding the attack surface

Employees now routinely access corporate applications from personal laptops, unmanaged mobile devices, and systems that operate outside of traditional security controls.

As a result, IT departments have no way of knowing whether employees are connecting to internal networks using devices that are unpatched or infected with malware.


Compromised endpoints also provide a valuable route into the trusted environment. In particular, infostealer malware is a major source of account takeover activity, collecting credentials, browser-saved passwords, and authenticated session cookies directly from user devices.

This is where specialized solutions like Specops Device Trust come in useful. Specops Device Trust continuously scans the entire session for active threats such as disabled security controls and outdated software.

Integration with existing identity providers, VPNs, and SSO tools allows security teams to extend, rather than replace, their existing configurations and to enforce access decisions without burdening users.


Why identity-based attacks are so hard to stop

One of the main reasons account takeover attacks continue to succeed is that many security controls still treat successful authentication as the only proof of trust. Traditional identity and access management tools are designed to validate credentials and authentication flows, not necessarily whether the person behind them can actually be trusted.

This challenge has become even more pronounced as organizations adopt hybrid work models, cloud-first infrastructure, and BYOD policies. Security teams must balance strong access controls with ease of use and productivity requirements.

That creates difficult trade-offs. You can either block access from devices that do not meet security standards and risk confusing your users, or you can allow access and accept that some devices may already be compromised. Most organizations end up somewhere in the middle, without adequately addressing the underlying trust issues.


High-profile incidents at organizations like Clorox and Marks & Spencer have reinforced the same lesson: identity alone is no longer a sufficient indicator of trust.

Verifying usernames and passwords is not enough to thwart modern account takeover attacks. Organizations also need visibility into device health, session risk, and behavioral signals throughout the access lifecycle.

This change has led to increased interest in continuous validation models, where trust is assessed throughout the session, not just at login.
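To make the difference between login-only checks and continuous validation concrete, the sketch below re-evaluates device binding and posture on every request in a session. It is an added example, not code from the original article and not how any Specops product is implemented; the policy values, field names, and decision labels are assumptions, and the device identifier is assumed to be attested by the device rather than self-reported.

```python
from dataclasses import dataclass

# Assumed policy values for illustration only.
MIN_OS_BUILD = 22631
MAX_POSTURE_AGE_S = 900

@dataclass
class Session:
    user: str
    bound_device_id: str      # device the session was issued to at login

@dataclass
class Request:
    device_id: str            # assumed to be attested, not self-reported
    os_build: int
    security_tool_running: bool
    posture_age_s: int        # seconds since the posture report was taken

def evaluate(session, req):
    """Re-check trust on every request; return (decision, reasons)."""
    if req.device_id != session.bound_device_id:
        # A valid session token arriving from another device is what a
        # replayed, stolen cookie looks like. A login-time check misses it.
        return "deny", ["session used from unbound device"]
    if req.posture_age_s > MAX_POSTURE_AGE_S:
        return "reverify", ["posture report is stale"]
    reasons = []
    if req.os_build < MIN_OS_BUILD:
        reasons.append("OS build below minimum")
    if not req.security_tool_running:
        reasons.append("security tool disabled")
    return ("remediate", reasons) if reasons else ("allow", [])

def replay_constructed_session():
    """Run a constructed three-request timeline through the policy."""
    session = Session("alice", "dev-laptop-01")
    timeline = [
        Request("dev-laptop-01", 22631, True, 30),     # login, healthy device
        Request("dev-laptop-01", 22631, False, 60),    # tool disabled mid-session
        Request("dev-unknown-99", 22631, True, 10),    # token replayed elsewhere
    ]
    return [evaluate(session, r)[0] for r in timeline]

if __name__ == "__main__":
    print(replay_constructed_session())
```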

Address account takeover risk with Specops

Specops Device Trust delivers the necessary evolution in zero trust identity security. By incorporating device trust into the equation, security teams have a clearer picture of who is accessing resources through:

  • Device authentication: Bind users to trusted devices to ensure only authorized devices can access sensitive resources.
  • Ongoing device validation: Check the state of the device across factors such as OS updates, browser versions, and security tools, both at login and during the session.
  • Flexible device coverage: Enforce policies across both corporate and personal devices with the ability to adjust access based on risk and context.
  • On-access remediation: Address issues as they occur without unnecessary interruptions to your users. Instead of forcing users to reset their passwords or blocking access entirely, you can guide users through their issues so they can continue working safely.

Strong identity security combines strong authentication with a frictionless user experience.

By taking device trustworthiness into account with Specops, you can reduce the risk of account takeover without slowing down your workforce.

Contact us today to see how this approach fits into your environment.

Sponsored and written by Specops Software.
