Anatomy of Identity-Based Attacks

As a security practitioner, protecting your organization's data is your top priority. With the explosion of mobile and hybrid workforces, SaaS adoption, and application modernization, new attack methodologies are arising while existing ones resurface. This presentation examines the anatomy of identity-based attacks and how to mitigate them using modern identity and access management solutions.

By Francesco Faenzi
The Rise of Identity-Based Attacks

1. Growing Threat: Over 40% of all breaches involved stolen credentials, and 80% of web application breaches involved credential abuse in 2021.
2. Expanding Attack Surface: The attack surface continues to expand beyond traditional enterprise and digital consumer identities to third-party supplier risk.
3. Ransomware Link: Even ransomware attacks, now comprising 25% of all breaches, often involve compromised identities to gain initial access.
Password Spray Attacks

How It Works: Attackers try a few commonly used passwords across many accounts, keeping the failure count per account below the lockout threshold. They may research company password policies to craft their guesses.

Mitigation Strategies: Set lockout policies, implement CAPTCHAs, enforce strong password requirements, enable threat intelligence, and implement alerting for failed attempts across accounts.
Credential Stuffing Attacks

1. Credential Harvesting: Attackers obtain credentials from data breaches or underground markets.
2. Automated Testing: Credentials are tested across many sites using automated tools.
3. Account Takeover: Successful logins allow attackers to access sensitive data.
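The "alerting for failed attempts across accounts" control from the password spray slide, and the same one-source-many-accounts shape that credential stuffing leaves in authentication logs, can be detected by correlating failures per source rather than per account. The detector below is an added example, not from the presentation; the log lines, the field layout and the lockout threshold are constructed assumptions.

```python
"""Flag sources that fail logins against many distinct accounts while each
account stays under the lockout threshold. Per-account lockout alone never
fires on this pattern, which is exactly why sprays and stuffing runs use it."""
from collections import defaultdict

# Constructed sample log, one event per line: "timestamp user source result"
SAMPLE_LOG = """\
2024-03-01T08:00:01Z alice 203.0.113.7 FAIL
2024-03-01T08:00:02Z bob 203.0.113.7 FAIL
2024-03-01T08:00:03Z carol 203.0.113.7 FAIL
2024-03-01T08:00:04Z dave 203.0.113.7 FAIL
2024-03-01T08:00:05Z erin 203.0.113.7 FAIL
2024-03-01T08:00:06Z frank 203.0.113.7 FAIL
2024-03-01T08:00:07Z alice 203.0.113.7 FAIL
2024-03-01T08:00:08Z bob 203.0.113.7 FAIL
2024-03-01T08:01:00Z grace 198.51.100.9 FAIL
2024-03-01T08:01:05Z grace 198.51.100.9 FAIL
2024-03-01T08:01:10Z grace 198.51.100.9 FAIL
2024-03-01T08:01:15Z grace 198.51.100.9 FAIL
2024-03-01T08:02:00Z heidi 192.0.2.44 OK
"""

LOCKOUT_THRESHOLD = 5   # assumed policy: failures per account before lockout
MIN_ACCOUNTS = 5        # assumed: distinct accounts one source may fail against


def parse(log_text):
    """Split the constructed log format into (timestamp, user, source, result)."""
    return [tuple(line.split()) for line in log_text.splitlines() if line.strip()]


def find_spray_sources(events, lockout=LOCKOUT_THRESHOLD, min_accounts=MIN_ACCOUNTS):
    """Return {source: [accounts]} for sources whose failures span many accounts
    while no single account reached the lockout threshold."""
    fails = defaultdict(lambda: defaultdict(int))   # source -> user -> fail count
    for _, user, src, result in events:
        if result == "FAIL":
            fails[src][user] += 1
    alerts = {}
    for src, per_user in fails.items():
        # Many accounts touched, yet every one stayed below lockout: spray shape.
        if len(per_user) >= min_accounts and max(per_user.values()) < lockout:
            alerts[src] = sorted(per_user)
    return alerts


if __name__ == "__main__":
    for src, users in find_spray_sources(parse(SAMPLE_LOG)).items():
        print(f"ALERT {src}: low-and-slow failures across {len(users)} accounts")
```

The single-account source (198.51.100.9) is deliberately not flagged here: it is a different pattern that per-account lockout already covers.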
Machine-In-The-Middle (MITM) Attacks

1. Intercept Traffic: Attacker positions between the user and the resource.
2. Broker Communication: Traffic flows through the attacker's system.
3. Capture Credentials: Attacker logs sensitive data such as passwords.

MITM attacks exploit the trust between users and services. Mitigation strategies include TLS encryption, trusted networks, and phishing-resistant multi-factor authentication.
Phishing Attacks

Spear Phishing: Targeted attacks on specific individuals.
Whaling: Attacks targeting high-ranking personnel.
Vishing: Voice phishing to obtain sensitive information over the phone.

Phishing aims to obtain credentials by luring users to malicious sites or coercing them into providing information. Mitigation includes user training, behavior detection, and integrating email security solutions.
Machine-to-Machine Communication Risks

1. Secure API Endpoints: Protect machine-to-machine communication.
2. Credential Protection: Avoid hardcoding or insecure storage.
3. Access Management: Implement proper authentication and authorization.

Service account security is often overlooked but critical. By 2024, organizations are expected to manage half a million machine identities on average. Proper security measures are vital to prevent unauthorized access.
Third-Party Account Risks

1. Federation Setup: Establish trust between identity providers.
2. Partner Authentication: Users authenticate to their own IdP.
3. Access Resource: A valid assertion allows access to the federated resource.
4. Potential Compromise: A breach of the partner IdP could allow unauthorized access.

Mitigate these risks by enforcing security controls on your IdP, implementing step-up authentication, and configuring risk-based policies with phishing-resistant factors for high-risk logins.
Underground Credential Markets

Dark Web Marketplaces: Stolen credentials and access tokens are sold openly.
Malware and Rootkits: Used to harvest credentials from compromised systems.
Defense Strategies: Implement strong MFA, limit token scope, and use short-lived access tokens.
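"Limit token scope" and "use short-lived access tokens" shrink what a stolen token is worth: it stops working soon and cannot be used outside the operation it was minted for. The issuer and verifier below are an added example, not the presentation's or any product's code; the HMAC key is a constructed placeholder and the token layout is an assumption chosen to keep the check visible.

```python
"""Mint and verify short-lived, scope-limited access tokens (HMAC-signed).
The verifier rejects forged, expired and out-of-scope tokens in that order."""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key-do-not-reuse"   # placeholder; real keys come from a secrets manager


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint(subject, scopes, ttl_seconds=300, now=None):
    """Issue a token bound to one subject, an explicit scope list and a short TTL."""
    issued = int(now if now is not None else time.time())
    payload = {"sub": subject, "scope": sorted(scopes), "iat": issued, "exp": issued + ttl_seconds}
    body = _b64(json.dumps(payload, separators=(",", ":")).encode())
    sig = _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify(token, required_scope, now=None):
    """Return (payload, 'ok') or (None, reason). Signature is checked before
    the payload is trusted for anything, including its own expiry claim."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None, "malformed"
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_unb64(sig), expected):
        return None, "bad-signature"        # tampered or forged
    payload = json.loads(_unb64(body))
    current = int(now if now is not None else time.time())
    if current >= payload["exp"]:
        return None, "expired"              # a leaked token goes stale within minutes
    if required_scope not in payload["scope"]:
        return None, "insufficient-scope"   # a leaked read token cannot write
    return payload, "ok"


if __name__ == "__main__":
    tok = mint("svc-billing", ["invoices:read"], ttl_seconds=300)
    print(verify(tok, "invoices:read")[1], verify(tok, "invoices:write")[1])
```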
Protecting Against Identity-Based Attacks

User Education: Train users on security best practices and phishing awareness.
Log Correlation: Implement robust logging and alerting for suspicious activity.
Adaptive MFA: Use context-aware, risk-based authentication policies.
Threat Intelligence: Leverage global threat data to proactively block malicious activity.

A comprehensive security strategy combines user education, robust processes, and advanced technology to mitigate identity-based attacks and protect your organization's critical assets.
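The step-up authentication with risk-based policies recommended for federated third-party logins, and the context-aware adaptive MFA listed above, come down to one decision: given the login's context, which assurance level must it present, and when is only a phishing-resistant factor acceptable. The policy below is an added example, not the presentation's or any product's logic; the signals, weights, thresholds and resource classification are assumptions for illustration.

```python
"""Risk-based step-up policy: score a login's context and require a
phishing-resistant factor (e.g. WebAuthn) for high-risk logins."""
from dataclasses import dataclass, field

SENSITIVE_RESOURCES = {"payroll", "admin-console"}      # assumed classification
PHISHING_RESISTANT = {"webauthn", "smartcard"}           # factor names assumed


@dataclass
class LoginContext:
    user: str
    resource: str
    idp: str                       # "internal" or the name of a federated partner IdP
    known_device: bool
    known_location: bool
    threat_intel_hit: bool         # source flagged by a threat intelligence feed
    factors_presented: set = field(default_factory=set)   # e.g. {"password", "otp"}


def risk_score(ctx: LoginContext) -> int:
    """Assumed weights: partner-IdP trust and unknown devices weigh most,
    a threat-intel hit dominates everything else."""
    score = 0
    if ctx.idp != "internal":
        score += 2        # trust is borrowed from a partner IdP we do not control
    if not ctx.known_device:
        score += 2
    if not ctx.known_location:
        score += 1
    if ctx.resource in SENSITIVE_RESOURCES:
        score += 2
    if ctx.threat_intel_hit:
        score += 4
    return score


def required_level(score: int) -> str:
    if score >= 8:
        return "block"
    if score >= 4:
        return "phishing-resistant"
    if score >= 2:
        return "mfa"
    return "password"


def decide(ctx: LoginContext) -> str:
    """Return 'allow', 'deny', or the step-up the user must complete."""
    level = required_level(risk_score(ctx))
    if level == "block":
        return "deny"
    if level == "phishing-resistant":
        return "allow" if ctx.factors_presented & PHISHING_RESISTANT else "step-up:webauthn"
    if level == "mfa":
        return "allow" if len(ctx.factors_presented) >= 2 else "step-up:mfa"
    return "allow" if ctx.factors_presented else "step-up:password"
```

Note that a one-time code is still a second factor here, but it never satisfies the phishing-resistant tier: a relayed OTP is exactly what the MITM and phishing slides describe.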