Identity-Centric Threats: The New Reality
The cyberthreat landscape has transformed significantly with identity-based attacks emerging as a dominant threat vector. The 2025 Identity Threat Research Report, "Identity-Centric Threats: The New Reality," presents findings from research conducted by the eSentire Threat Response Unit (TRU) on shifting tactics, how they bypass traditional cybersecurity controls, and implications on organizational security posture. Download your complimentary copy of the report.
What are identity-centric threats?
Identity-centric threats focus on compromising user identities to gain access to valuable organizational assets, rather than exploiting technical vulnerabilities in systems. Recent data shows that identity-driven threats have increased by 156% between 2023 and 2025, now accounting for 59% of all confirmed threat cases in Q1 2025. This shift highlights a transformation in attack strategies, moving from traditional asset-focused attacks to sophisticated identity-centric campaigns.
How has Cybercrime-as-a-Service impacted identity theft?
Cybercrime-as-a-Service platforms have reshaped the landscape of identity theft by lowering the barrier to entry for threat actors. These platforms, such as Phishing-as-a-Service, allow individuals with limited technical skills to execute sophisticated attacks. For instance, services like Tycoon2FA, which can be rented for $200-300 per month, provide advanced credential harvesting capabilities, making identity theft more frequent and accessible.
What measures can organizations take to combat identity threats?
Organizations should rethink their security posture by assuming that identities will be compromised. This includes implementing continuous authentication verification, comprehensive credential monitoring, and rapid response capabilities for identity-based threats. Regular threat hunting for unusual sign-ins and modifications to multi-factor authentication methods is also essential to mitigate risks associated with identity theft.
Identity-Centric Threats: The New Reality
published by Domitek
Domitek, Inc. was founded in 2004 to help small to Medium Businesses get the most out of their technology. Since then we've grown to cover clients in multiple states while reducing their IT worries so that they can concentrate on growing their businesses and meeting their goals.
We provide affordable solutions that emphasize quality, security, and scalability. This ensures that our clients have reliable IT support throughout their business cycle regardless of their business sectors (public, private and nonprofit). As a technology solutions provider, we understand you need a robust, yet affordable technology infrastructure that provides you with the tools needed to set your business up for success.
Sign in with LinkedIn