Close Menu
Cybercrime and Ransomware

Gefährliche Angriffe: Wie Cyberkriminelle Ihre Identität angreifen

Staff WriterBy No Comments4 Mins Read5 Views

Essential Insights

  1. Cyberattackers increasingly exploit legitimate access and stolen credentials, with 97% of incidents involving passwords, highlighting a shift from hacking to misuse of existing accounts.
  2. Business-Email-Compromise (BEC) accounts for over 70% of attacks, often going undetected for weeks, with phishing as a common initial entry point.
  3. Ransomware remains a major threat, facilitated by Ransomware-as-a-Service and the sale of insider access, blurring lines between external and insider threats.
  4. Vulnerable industries such as manufacturing, construction, and logistics are most affected, typically through unprotected apps, insecure remote access, or phishing attacks.

The Issue

The Eye Security’s 2026 State of Incident Response Report reveals that cybercriminals are increasingly targeting digital identities, mainly exploiting existing access rather than hacking systems outright. These attacks often occur unnoticed and cause damage within minutes. Notably, 97% of identity-based incidents involve passwords, illustrating that cybercriminals are abusing legitimate accounts. The report confirms that traditional tactics like phishing, social engineering, and vulnerabilities in internet-connected systems still dominate their methods. Business-Email-Compromise (BEC) emerges as the most common attack type, accounting for over 70% of incidents, with many going undetected for weeks. Ransomware continues to threaten organizations, especially with the rise of Ransomware-as-a-Service and professional marketplaces for stolen credentials. This trend has blurred the lines between external attacks and insider threats, as groups like ShinyHunters actively recruit insiders to access sensitive data. The study focuses on over 630 real incidents across Europe, predominantly affecting industries such as manufacturing, construction, and logistics, where weak security practices like unprotected remote access and phishing remain prevalent.

Security Implications

The issue of “Identitäten im Fokus von Cyberkriminellen” — or identity-focused cybercrime — can strike any business, regardless of size or industry. When cybercriminals target identities, they exploit sensitive data like customer information, employee credentials, or business secrets. Consequently, this theft can lead to financial losses, legal penalties, and severe reputational damage. Moreover, compromised identities often result in unauthorized access, disrupting operations and stealing valuable assets. As a result, firms face costly recoveries and diminished trust from clients and partners. In short, without robust security, any business remains vulnerable to identity-focused attacks, which can harm both its financial stability and long-term viability.

Possible Actions

Ensuring rapid remediation of identity-related cyber threats is crucial to prevent the exploitation of individual and organizational assets by malicious actors. Prompt action minimizes damage, safeguards sensitive information, and maintains trust in digital systems.

Mitigation Strategies

  • Continuous Monitoring: Implement real-time identity activity tracking to detect anomalies early.
  • Access Controls: Enforce strict authentication and authorization protocols to limit unnecessary access.
  • User Education: Train employees on recognizing and reporting suspicious activities involving identities.
  • Multi-Factor Authentication (MFA): Require multiple verification steps to enhance identity verification.
  • Identity Verification: Conduct regular verification processes for user identities, especially after onboarding or access changes.
  • Account Management: Promptly disable or recover compromised accounts to reduce attack surface.
  • Patch & Update: Regularly update identity management systems to address vulnerabilities.
  • Incident Response Planning: Develop and test procedures specifically targeting identity compromise scenarios.

Remediation Actions

  • Containment: Immediately isolate compromised identity accounts to prevent further misuse.
  • Eradication: Remove malicious access rights and fix identified vulnerabilities.
  • Recovery: Reinstate verified identities and restore normal operations safely.
  • Notification: Inform affected parties and authorities in accordance with legal and regulatory obligations.
  • Analysis & Improvement: Review incidents to identify gaps and refine security controls for future resilience.

Continue Your Cyber Journey

Discover cutting-edge developments in Emerging Tech and industry Insights.

Learn more about global cybersecurity standards through the NIST Cybersecurity Framework.

Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.

Cyberattacks-V1cyberattack-v1-multisource

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Comments are closed.