The Rising Tide of Identity-Based AttacksHuntress Co-Founder and CEO Kyle Hanslovan on the Shifting Threat Landscape
The shift from traditional malware-led attacks to identity-based attacks in the realm of cybersecurity has become more prominent than ever. Attackers continuously adapt their tactics, seek the path of least resistance and focus on exploiting vulnerabilities in identity-related systems. The threat landscape is rapidly changing, and shifts in tactics occur roughly every six weeks, said Kyle Hanslovan, co-founder and CEO of Huntress.
The widespread adoption of Microsoft 365 has provided new opportunities for adversaries to compromise identity, particularly in smaller organizations, Hanslovan said. Attackers manipulate email accounts, forward emails and modify attachments - ultimately capitalizing on identity-related vulnerabilities to perpetrate fraudulent activities, he said.
"When you think identity, you probably think of credentials you use to log in. But most people forget, that could be a mailbox. Why use phishing if you get the identity?" Hanslovan said. "When you log into Microsoft 365 website, or something else, you click the button that says, 'Let me stay logged in for another 30 days.' If they [attackers] can collect that cookie, that token, and then reuse it somewhere else, that allows them to bypass two-factor authentication."
In this video interview with Information Security Media Group at Black Hat USA 2023, Hanslovan also discussed:
- Vulnerabilities in two-factor authentication and conditional access;
- How attackers are bypassing geographic restrictions and VPNs;
- The role of telemetry in identity security.
Hanslovan spent a decade supporting offensive cyber operations within the U.S. intelligence community. Prior to Huntress, he co-founded the defense consulting firm StrategicIO, where he contributed his expertise to strategic defense initiatives.