The report reveals a notable surge in assaults directed at non-human entities (NHEs), like utility accounts, APIs, and machine identities. Based on Delinea’s analysis, it is found that for each human identity, there exist currently 46 NHEs, a figure projected to surpass 45 billion by 2025. Alarmingly, more than 70% of NHEs do not undergo regular rotations as recommended, with an average span of 627 days, significantly surpassing security standards. Furthermore, 97% of entities expose their NHEs to external vendors, substantially elevating the risk of unauthorized entry.
“One of the prime hurdles identified in the report is the expanding focus on non-human entities,” mentioned Jon Kuhn, SVP of Product Management at Delinea. “For companies, this change signifies that they are encountering a substantial and often overlooked security void. As the count of these machine identities is predicted to soar exponentially in the forthcoming years due to enterprises rapidly embracing AI, the absence of proper credential management and the exposure of these entities to external parties lead to critical vulnerabilities that cyber intruders can exploit to gain illicit entry to essential systems and information.”
The Return of Ransomware
The report also unveils a troubling trend in ransomware assaults, which, in 2024, grew more complex with the emergence of dual extortion tactics. Malefactors not only encrypt data but also extract sensitive information, vowing to disclose it publicly unless a ransom is forked over. Five ransomware factions – RansomHub, LockBit, Play, Akira, and Hunters – were accountable for over 36% of all ransomware occurrences monitored by Delinea in 2024, tallying more than 5,700 assaults. Looking forward, the report predicts a spike in AI-driven phishing attempts, with cybercriminals leveraging AI to shape increasingly convincing phishing emails, rendering it difficult to differentiate between legit correspondences and malicious ones.
“The escalation in ransomware intricacy and the burgeoning prevalence of AI-driven assaults are unmistakable trends in today’s cybersecurity landscape,” remarked Gal Diskin, Vice President of Threat & Research at Delinea. “Our study exposes that cyber delinquents are progressively utilizing AI and formidable Ransomware-as-a-Service (RaaS) solutions to initiate more pinpointed and scalable assaults, especially in the realms of phishing and machine identities. To maintain the upper hand, companies need to refine their security approaches, concentrating not just on advanced threat recognition but also on foundational security measures and enhancing multi-factor authentication (MFA) to tackle the expanding danger of credential phishing.”
Delinea Labs, the examination and development division of Delinea, is at the forefront of dissecting emerging cybersecurity risks. Comprised of elite security analysts and threat intelligence professionals, the squad conducts thorough examinations of assault methodologies and loopholes, assisting organizations in keeping up with the ever-transforming threat panorama. Apart from its pioneering security examinations, Delinea Labs also propels AI innovation, delving into how artificial intelligence can enrich threat identification, risk evaluation, and identity security to fortify cybersecurity defenses further.
About Author
