- Cybercounts are increasingly addressed to login credentials, session cookies and more
- The threat of identity -based attacks is increasing
- The costs are added and companies take to respond
Companies face an increase in identity -based attacks, and dishonest applications are the main culprit, the 2025 hunter research “IDR report administered: identity is the new security perimeter.”
Based on a survey of more than 600 IT and security professionals, the new Huntress report establishes that two thirds (67%) of organizations reported an increase in identity -based incidents in the last three years.
In addition, these attacks included more than 40% of security incidents for more than one third (35%) of organizations only in the last 12 months.
Second increase
Huntress also states that the “dishonest requests” are the number one concern here. Almost half (45%) or respondents said they found rebel and/or malicious applications in the past, while 46% described them as a “identity -based concern.”
To worsen things, detection and response times are not kept up to date. More than half (53%) said they need “hours” to detect this incident, and two thirds (68%) added that they could not detect or respond to the threat until the actors have already established persistence.
Huntress also warned that the financial impact of these attacks is “significant.” In addition to the inactivity time and reputation damage, the researchers found a third (32%) of the companies that lost at least $ 100,000 as a result.
“Identity cannot be denied is the new end point. With the widespread adoption of the cloud, the change towards hybrid work and a greater dependence on SAAS applications, the identity attack surface has exploited in recent years,” said Prakash Ramamurthy, director of Huntress Products.
“Computer pirates are no longer wasting time in the networks in the difficult way. They are starting session using stolen credentials, session cookies and access tokens to avoid the protection of the end point and exploit weak multiple authentication.”
However, not everything is lost, since there are multiple methods, including access to the zero trust network (ZTNA), which help mitigate this threat.
