AI amplifies cyber threat; non-human identities at risk

A new report by Delinea highlights the growing threat of AI in reshaping cyber attacks and the vulnerabilities it introduces in identity security.

The "Cybersecurity and the AI Threat Landscape" report uncovers that for every human identity, there are 46 non-human identities (NHIs), which suggests a vast attack surface that has largely gone unnoticed. This provides cyber attackers with numerous opportunities to exploit gaps in identity security.

Additionally, the report details that 97% of organisations are exposing NHIs to third-party associations, thereby increasing their susceptibility to attacks. The security incidents involving multi-factor authentication (MFA) were reported to be almost 50%, indicating that MFA is not as foolproof a security measure as it was originally believed to be. In 2024, deepfake attempts were noted every five minutes as face-swap attacks increased by 704% in just six months. Furthermore, five ransomware groups, with LockBit as the principal actor, were responsible for 36% of ransomware activities totalling over 5,700 incidents.

The report indicates a significant rise in attacks targeting non-human identities, including service accounts, APIs, and machine identities. The research conducted by Delinea reveals that for every human identity, approximately 46 NHIs exist, with the number expected to surpass 45 billion by 2025. A worryingly high percentage of NHIs, over 70%, are not rotated within advised timeframes, with the average rotation cycle being 627 days, which significantly deviates from best practices. Exposure of these NHIs to third parties by 97% of organisations further compounds the risk.

Jon Kuhn, Senior Vice President of Product Management at Delinea, noted, "One of the biggest challenges identified in the report is the increasing targeting of non-human identities. For organizations, this shift means they are facing a massive and often ignored security gap. With the number of these machine identities expected to grow exponentially in the coming years as enterprises continue to rapidly adopt AI, the lack of proper credential management and the exposure of these identities to third parties creates serious vulnerabilities that cyber attackers can exploit to gain unauthorized access to critical systems and data."

Ransomware attacks saw a notable rise and increased sophistication in 2024, with a shift towards double extortion tactics. Attackers now both encrypt and exfiltrate sensitive data, subsequently threatening to release it unless paid. RansomHub, LockBit, Play, Akira, and Hunters emerged as the most significant ransomware groups responsible for these incidents, constituting over a third of the monitored ransomware attacks. There is also a forecasted escalation of AI-driven phishing attacks, with such threats becoming indistinguishable from legitimate communication.

"The rise in ransomware sophistication and the increasing prevalence of AI-driven attacks are undeniable trends in today's cybersecurity landscape," stated Gal Diskin, Vice President of Threat & Research at Delinea. "Our research reveals that cybercriminals are increasingly using AI and powerful Ransomware-as-a-Service (RaaS) tools to launch more targeted and scalable attacks, particularly around phishing and machine identities. To stay ahead, organizations must adapt their security strategies, focusing not just on advanced threat detection, but also foundational security controls and strengthening multi-factor authentication (MFA) to combat the growing threat of credential phishing."

Delinea Labs, which serves as the research and development wing of Delinea, is deeply engaged in studying emerging cyber threats. Comprising a team of experts in security and threat intelligence, the group performs comprehensive studies on attack strategies and vulnerabilities to help organisations defend against evolving threats. The team also explores how AI can bolster threat detection, risk assessment, and identity security.