Credential Attacks Remain Top Breach Vector

Seceon Inc. emphasized credential attacks as a major breach risk, positioning identity as the new security perimeter. They're pushing aiSIEM for early abuse detection, directly relevant to User & Identity pillar threats.

Credential attacks remain a primary breach vector, with 22% of breaches starting with stolen credentials in 2025. These attacks, where criminals use valid login data, are surpassing phishing and software vulnerabilities as preferred methods. IBM reports the average cost of a breach involving stolen credentials is $4.81 million. Credential stuffing, password spraying, and brute-force attacks are common techniques. Attackers use AI to predict passwords and bots to automate login attempts, leveraging massive databases of exposed credentials. A recent example is the Synthient credential stuffing breach, exposing nearly 2 billion compromised accounts.

Seceon aiSIEM uses AI and ML to provide real-time threat detection and automated responses. It analyzes user behavior, network traffic, and application logs to identify anomalies and correlate them with threat intelligence. This approach helps detect both known and unknown threats, including zero-day attacks and lateral movement.

For DoD compliance, a Zero Trust architecture is crucial, requiring continuous verification of every access request. The DoD mandates Zero Trust implementation by fiscal year 2027. Seceon aiSIEM aids in strengthening Zero Trust identity enforcement by correlating authentication anomalies with user behavior and environmental context.

Splunk can be used to detect password spraying attacks by identifying unusual authentication patterns. Splunk Attack Analyzer automates the analysis of credential phishing threats.

Identity Threat Detection and Response (ITDR) solutions also play a key role, integrating with existing security tools to provide real-time insights and automated responses to identity-based threats. ITDR uses AI/ML to detect anomalies in user behavior, helping identify sophisticated attacks like insider threats and credential misuse. These solutions employ threat intelligence feeds to anticipate new identity attack types and integrate with IAM and PAM systems for a cohesive defense. Adaptive access control, driven by ITDR, uses identity risk scores to inform access decisions.

To defend against credential attacks, organizations should enforce MFA, block known breached passwords, and monitor the dark web for exposed credentials. Passkeys, which bind secret material to hardware, are emerging as a more secure alternative to passwords.
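The "unusual authentication patterns" that separate password spraying from brute force can be shown on a handful of log events. The following is an added example, not code from Seceon, Splunk, or any product named above; the event fields, thresholds, and sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def _ev(minute, ip, user, ok=False):
    """Build one constructed auth event: (timestamp, source IP, username, result)."""
    return (datetime(2025, 1, 1, 9, minute), ip, user, "success" if ok else "failure")

# Constructed sample log; IPs come from documentation ranges.
EVENTS = (
    [_ev(i, "203.0.113.7", f"user{i:02d}") for i in range(12)]   # one try each, 12 accounts
    + [_ev(12, "203.0.113.7", "user05", ok=True)]                # then a guess works
    + [_ev(i // 2, "198.51.100.9", "admin") for i in range(20)]  # 20 tries, one account
    + [_ev(3, "192.0.2.44", "alice"), _ev(4, "192.0.2.44", "alice", ok=True)]  # typo
)

def classify_sources(events, window=timedelta(minutes=30),
                     spray_users=10, max_per_user=3, brute_attempts=15):
    """Flag source IPs whose failed logins look like spraying or brute force."""
    by_ip = defaultdict(list)
    for ts, ip, user, result in sorted(events):
        by_ip[ip].append((ts, user, result))
    findings = {}
    for ip, evs in by_ip.items():
        fails = [(ts, u) for ts, u, r in evs if r == "failure"]
        verdict = None
        # Slide the window start over every failure so a late burst is still seen.
        for i, (start, _) in enumerate(fails):
            counts = Counter(u for ts, u in fails[i:] if ts - start <= window)
            # Spray: many accounts, few tries each (stays under lockout limits).
            if len(counts) >= spray_users and max(counts.values()) <= max_per_user:
                verdict = "password_spray"
            # Brute force: many tries concentrated on a single account.
            elif max(counts.values()) >= brute_attempts:
                verdict = "brute_force"
            if verdict:
                break
        if verdict:
            targeted = {u for _, u in fails}
            # A success on a targeted account from a flagged source means a guess worked.
            hits = sorted({u for _, u, r in evs if r == "success" and u in targeted})
            findings[ip] = {"verdict": verdict, "compromised": hits}
    return findings

if __name__ == "__main__":
    for ip, finding in classify_sources(EVENTS).items():
        print(ip, finding)
```

Per-account lockout counters miss the first source because no single account exceeds a few failures; grouping by source and counting distinct usernames is what surfaces it.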
