Hacking Humans
Who’s Logging In? [OMITB]
Why It Matters
Understanding the move to identity‑focused threats is crucial for organizations, because a compromised credential can grant an attacker the same access the legitimate user has to cloud services, financial systems, and sensitive data. The discussion underscores that even with MFA in place, phishing kits that relay the login and token theft that reuses the session afterwards remain viable, which calls for stronger controls such as hardware security keys and better user education.
Key Takeaways
- Identity attacks now exceed 50% of confirmed threats.
- Compromised credentials total 414 billion across the datasets discussed.
- Account‑takeover attempts hit 99% of organizations and succeeded at 67%; 59% of the taken‑over accounts had MFA enabled.
- The Tycoon phishing kit sells for $120 and bypasses MFA by relaying the login through an adversary‑in‑the‑middle proxy.
- Zero‑trust and hardware keys are essential against credential theft.
Pulse Analysis
The episode opens with a stark shift in threat data: Sophos’ 2026 Active Adversary Report, SpyCloud’s identity exposure findings, and Red Canary’s detection study all show that identity‑related incidents now dominate, accounting for more than half of confirmed attacks. With 414 billion compromised credentials circulating in underground caches, threat actors are shifting away from traditional malware exploitation toward direct credential abuse. This matters because an identity compromise grants an attacker immediate access to cloud services, privileged accounts, and sensitive data without any exploit at all, reshaping the cyber‑risk landscape for enterprises worldwide.
The hosts dive into the mechanics behind the surge. Info‑stealers harvest an average of 87 credentials per infected device, while token‑theft techniques let adversaries reuse session cookies and API keys even when MFA is enforced, because those tokens are issued after the MFA check and are accepted on their own from then on. The cited data shows 99% of organizations faced account‑takeover attempts, with 67% seeing a successful takeover and 59% of the taken‑over accounts protected by MFA. Phishing kits like Tycoon, sold for $120 on Telegram, account for much of this: they bypass MFA with an adversary‑in‑the‑middle (AiTM) reverse proxy that relays the victim’s login, including the MFA prompt, to the real site and captures the resulting session cookie. The discussion underscores that MFA alone no longer guarantees security; attackers now combine credential phishing, token replay, and social engineering to impersonate legitimate users.
To counter this identity‑first threat model, the experts recommend a zero‑trust architecture combined with strict least‑privilege controls and conditional access policies. Micro‑segmentation, continuous monitoring of privileged account sprawl, and hardware security keys (still 99.9% effective against account takeover, since a FIDO credential is bound to the site’s origin and cannot be relayed by an AiTM proxy) form a layered defense. By treating identity as the new perimeter and enforcing granular access rules, organizations can detect anomalous logins, limit lateral movement, and reduce the attack surface that credential theft seeks to exploit.
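The token‑theft mechanics and the "detect anomalous logins" recommendation above both come down to one observable: a session cookie minted after an MFA login that later shows up from a different place or client than it was issued to. The script below is an added example, not code from the episode or from any of the vendors cited; the pipe‑delimited log format, the field names and the sample events are constructed for illustration.

```python
"""Token-replay detection over sign-in events (added example, not from the episode).

A session cookie minted after a successful MFA login should keep being
presented from roughly the same country and client it was issued to. When
the same session id appears from a different country or user agent shortly
after issuance, the likeliest explanation is that the cookie was captured
(info-stealer, AiTM phishing proxy) and replayed by someone else.
The log format is hypothetical and every event below is constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class SignInEvent:
    ts: datetime
    user: str
    session_id: str
    action: str        # "login" = interactive sign-in that satisfied MFA; "use" = cookie presented
    ip: str
    country: str
    user_agent: str


def parse_event(line: str) -> SignInEvent:
    """Parse one pipe-delimited line of the hypothetical sign-in log."""
    ts, user, sid, action, ip, country, ua = line.strip().split("|")
    return SignInEvent(datetime.fromisoformat(ts.replace("Z", "+00:00")),
                       user, sid, action, ip, country, ua)


def detect_token_replay(events, window=timedelta(hours=24)):
    """Return (user, session_id, reason) alerts for session ids presented from
    an origin that does not match the MFA login that issued them, or for
    session ids with no observed issuing login at all."""
    issued = {}    # session_id -> the login event that minted it
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.action == "login":
            issued[ev.session_id] = ev
            continue
        origin = issued.get(ev.session_id)
        if origin is None:
            # Cookie presented but we never saw it minted: stolen from another
            # device or minted through an AiTM proxy outside our telemetry.
            alerts.append((ev.user, ev.session_id,
                           "session used without an observed MFA login"))
            continue
        if ev.ts - origin.ts > window:
            continue   # stale sessions are a lifetime policy problem, out of scope here
        reasons = []
        if ev.country != origin.country:
            reasons.append(f"country {origin.country}->{ev.country}")
        if ev.user_agent != origin.user_agent:
            reasons.append(f"user agent {origin.user_agent!r}->{ev.user_agent!r}")
        if reasons:
            alerts.append((ev.user, ev.session_id, "; ".join(reasons)))
    return alerts


# Constructed sample: alice's cookie replayed from a script in another country,
# bob's session behaving normally, carol's cookie appearing with no login.
SAMPLE_LOG = """\
2026-03-02T08:01:12Z|alice|sess-7f3a|login|203.0.113.5|US|Chrome/123
2026-03-02T08:03:40Z|alice|sess-7f3a|use|203.0.113.5|US|Chrome/123
2026-03-02T08:09:05Z|alice|sess-7f3a|use|198.51.100.77|NL|python-requests/2.31
2026-03-02T09:15:00Z|bob|sess-c21e|login|203.0.113.9|US|Firefox/124
2026-03-02T09:20:31Z|bob|sess-c21e|use|203.0.113.9|US|Firefox/124
2026-03-02T10:02:44Z|carol|sess-9d01|use|192.0.2.44|BR|Chrome/123
"""


def run_sample():
    """Run the detector over the constructed log and return its alerts."""
    events = [parse_event(line) for line in SAMPLE_LOG.splitlines() if line]
    return detect_token_replay(events)


if __name__ == "__main__":
    for user, sid, why in run_sample():
        print(f"ALERT {user} {sid}: {why}")
```

Country and user agent are coarse signals: an AiTM kit relaying from the same country and copying the victim's user agent slips past this heuristic, and an attacker who also controls the login event (the "login" line comes from the proxy's IP, not the victim's) makes the baseline itself suspect. That gap is exactly why the page's recommendation of origin‑bound hardware keys matters more than any post‑hoc detection of cookie reuse.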
Episode Description
Welcome in! You’ve entered Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive Upper West Side, Selena is joined by her co-hosts N2K Networks’ Dave Bittner and Keith Mularski, former FBI cybercrime investigator and now Chief Global Ambassador at Qintel.
Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we discuss findings from Sophos’ Active Adversary Report 2026, highlighting how identity-related weaknesses like compromised credentials and gaps in MFA continue to drive a majority of security incidents. The conversation explores how attackers are moving faster, often operating after hours, and how a growing number of threat groups is adding to the complexity.