Cybercrime , Fraud Management & Cybercrime , Identity & Access Management

The Rising Tide of Identity-Based Attacks

Huntress Co-Founder and CEO Kyle Hanslovan on the Shifting Threat Landscape
Kyle Hanslovan, co-founder and CEO, Huntress

The shift from traditional malware-led attacks to identity-based attacks in the realm of cybersecurity has become more prominent than ever. Attackers continuously adapt their tactics, seek the path of least resistance and focus on exploiting vulnerabilities in identity-related systems. The threat landscape is rapidly changing, and shifts in tactics occur roughly every six weeks, said Kyle Hanslovan, co-founder and CEO of Huntress.

See Also: Mitigating Identity Risks, Lateral Movement and Privilege Escalation

The widespread adoption of Microsoft 365 has provided new opportunities for adversaries to compromise identity, particularly in smaller organizations, Hanslovan said. Attackers manipulate email accounts, forward emails and modify attachments - ultimately capitalizing on identity-related vulnerabilities to perpetrate fraudulent activities, he said.

"When you think identity, you probably think of credentials you use to log in. But most people forget, that could be a mailbox. Why use phishing if you get the identity?" Hanslovan said. "When you log into Microsoft 365 website, or something else, you click the button that says, 'Let me stay logged in for another 30 days.' If they [attackers] can collect that cookie, that token, and then reuse it somewhere else, that allows them to bypass two-factor authentication."

In this video interview with Information Security Media Group at Black Hat USA 2023, Hanslovan also discussed:

  • Vulnerabilities in two-factor authentication and conditional access;
  • How attackers are bypassing geographic restrictions and VPNs;
  • The role of telemetry in identity security.

Hanslovan spent a decade supporting offensive cyber operations within the U.S. intelligence community. Prior to Huntress, he co-founded the defense consulting firm StrategicIO, where he contributed his expertise to strategic defense initiatives.


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.