A significant increase in assaults targeting non-human identities (NHIs), like service accounts, APIs, and machine identities, has been disclosed in the study. Delinea’s investigations unveil that for each human identity, there are currently 46 NHIs, a figure projected to surpass 45 billion by 2025. Worryingly, more than 70% of NHIs are not rotated within recommended timeframes, with an average cycle of 627 days, greatly exceeding security best practices. Moreover, 97% of entities expose their NHIs to third-party providers, substantially elevating the hazard of unauthorized entry.
“One of the primary obstacles recognized in the study is the escalating focus on non-human identities,” mentioned Jon Kuhn, SVP of Product Management at Delinea. “For entities, this transition implies they are encountering a substantial and frequently disregarded security loophole. With the number of these machine identities expected to grow significantly in future years as corporations persist in swiftly adopting AI, the absence of suitable credential management and the exposure of these identities to third parties establish severe vulnerabilities that cyber offenders can exploit to get unauthorized access to imperative systems and data.”
The revival of ransomware
The study also exposes a troubling trend in ransomware attacks, which turned more sophisticated in 2024 with the emergence of dual extortion strategies. Cyber criminals not only encrypt but also extract sensitive data, threatening to disclose it publicly unless a ransom is issued. Five ransomware factions — RansomHub, LockBit, Play, Akira, and Hunters — accounted for over 36% of all ransomware occurrences scrutinized by Delinea in 2024, aggregating to more than 5,700 attacks. Going forward, the study predicts a surge in AI-guided phishing assaults, with cyber criminals leveraging AI to compose increasingly convincing phishing emails, making it tougher to differentiate legitimate correspondence from malicious ones.
“The surge in ransomware complexity and the expanding prevalence of AI-guided attacks are undeniable trends in the contemporary cybersecurity scope,” stated Gal Diskin, Vice President of Threat & Research at Delinea. “Our investigations disclose that cyber offenders are progressively utilizing AI and potent Ransomware-as-a-Service (RaaS) tools to initiate more targeted and scalable assaults, particularly revolving around phishing and machine identities. To remain ahead, entities must adapt their security tactics, emphasizing not just on sophisticated threat identification, but also foundational security protocols and enhancing multi-factor authentication (MFA) to confront the growing peril of credential phishing.”
Delinea Labs, the research and innovation branch of Delinea, stands at the front line of analyzing emerging cybersecurity risks. Comprising elite security analysts and threat intelligence specialists, the squad conducts comprehensive studies of assault methodologies and vulnerabilities, aiding entities in keeping ahead of the perpetually changing threat milieu. In addition to its cutting-edge security inquiry, Delinea Labs also propels AI advancement, exploring how artificial intelligence can amplify threat detection, risk evaluation, and identity security to further reinforce cybersecurity defenses.
About Author
