- Identity-based attacks have increased since 2023
- Scammers use malware and cheap PhaaS platforms in attacks
- Login credentials are used in BEC campaigns
Hackers are increasingly going after employee login credentials, helped by advanced and easily obtainable tools, experts have warned.
That is the sentiment in a new eSentire report, which revealed that so-called “identity-based attacks” have more than doubled (156%) since 2023.
In the first quarter of 2025 alone, this type of attack accounted for more than half (59%) of all confirmed cyber incidents.
Business email compromise
eSentire singled out two things that made the surge in identity-based attacks possible: phishing-as-a-service (PhaaS) platforms such as Tycoon 2FA, and low-cost, easily accessible infostealer malware.
Tycoon 2FA works as an adversary-in-the-middle (AitM), intercepting login credentials and session cookies in real time, for tools such as Microsoft 365 or Gmail.
In addition, with its own proprietary CAPTCHA algorithms, it can evade automated scanners, and with obfuscated JavaScript, invisible Unicode characters and fingerprinting, it has become good enough to evade detection. It costs up to $300 per month, making it a fairly attractive addition to any threat actor's tech stack.
Those who cannot afford it (or simply do not want to) can opt for an even cheaper option: infostealer malware that costs no more than $100, and can often be found for as little as $10. These tools extract credentials from browsers, password managers and VPN configurations.
Crooks would use the data obtained to carry out business email compromise (BEC) attacks. They would impersonate managers or pose as high-ranking business officers, sending emails to other employees urging them to wire money or share sensitive files, which are then used in extortion.
eSentire recommends that organizations adopt phishing-resistant MFA solutions (for example, biometrics or hardware tokens), carry out continuous identity monitoring and real-time threat detection using AI platforms, prioritize employee training, and implement “proactive vulnerability management” and patching protocols.
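An added example, not part of the original article or the report it cites: because an AitM kit captures the session cookie after MFA has succeeded, one identity-monitoring check is to flag a session token that is later used by a client other than the one that signed in. The log format, field names and event names are assumptions, and the sample lines are constructed.

```python
"""Flag session tokens used by a client that did not perform the sign-in."""
import csv
import io

# Assumed log layout (hypothetical, not a specific product's schema).
FIELDS = ["time", "user", "session", "event", "ip", "user_agent"]

# Constructed sample events, not real logs.
SAMPLE_LOG = """\
2025-03-03T09:00:12Z,alice@example.com,sess-a1,signin_mfa_ok,198.51.100.7,Mozilla/5.0 (Windows NT 10.0) Edg/122.0
2025-03-03T09:01:40Z,alice@example.com,sess-a1,mail_read,198.51.100.7,Mozilla/5.0 (Windows NT 10.0) Edg/122.0
2025-03-03T09:02:05Z,alice@example.com,sess-a1,mail_send,203.0.113.50,Mozilla/5.0 (X11; Linux x86_64) Chrome/121.0
2025-03-03T10:15:00Z,bob@example.com,sess-b7,signin_mfa_ok,192.0.2.21,Mozilla/5.0 (Macintosh) Safari/17.3
2025-03-03T10:45:30Z,bob@example.com,sess-b7,file_download,192.0.2.99,Mozilla/5.0 (Macintosh) Safari/17.3
"""


def find_replayed_sessions(log_text):
    """Return (session, user, event, severity) for events from an unexpected client."""
    baseline = {}  # session id -> (ip, user_agent) that completed MFA
    findings = []
    rows = csv.DictReader(io.StringIO(log_text), fieldnames=FIELDS)
    # ISO 8601 UTC timestamps in one format sort correctly as strings.
    for row in sorted(rows, key=lambda r: r["time"]):
        client = (row["ip"], row["user_agent"])
        if row["event"] == "signin_mfa_ok":
            baseline.setdefault(row["session"], client)
            continue
        known = baseline.get(row["session"])
        if known is None:
            # Token used with no recorded sign-in: nothing to compare, surface it.
            findings.append((row["session"], row["user"], row["event"], "no_signin_seen"))
        elif client != known:
            ip_changed = client[0] != known[0]
            ua_changed = client[1] != known[1]
            # IP and browser changing together is unlikely for one roaming device;
            # a single change is common (Wi-Fi to mobile) and only marked for review.
            severity = "high" if ip_changed and ua_changed else "review"
            findings.append((row["session"], row["user"], row["event"], severity))
    return findings


if __name__ == "__main__":
    for finding in find_replayed_sessions(SAMPLE_LOG):
        print(finding)
```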
Via The Register