Report

Identity-Centric Threats: The New Reality

2025 Identity Threat Research Report

As the cyber threat landscape continues to evolve, identity-based attacks have rapidly become one of the most significant risks facing organizations today. Rather than targeting technical vulnerabilities, modern threat actors are exploiting compromised user identities, gaining direct access to critical business assets with less effort and greater impact.

This means that traditional security models built around perimeter defense and endpoint protection are fundamentally insufficient against adversaries who possess valid credentials.

Identity-based attacks are not an emerging threat that should simply be monitored; they are the current dominant attack vector that require organizations to have a strong 24/7 threat detection and response defense strategy in place to prevent business disruption.

In this report from eSentire’s Threat Response Unit (TRU), we share a detailed analysis of threat data from over 19,000 identity-related security investigations across our global customer base of the specific trends in identity-based attacks observed by TRU. New observations shared in this report show:

  • Identity-driven threats have skyrocketed since 2023, now accounting for 59% of all confirmed cases in early 2025, highlighting a 156% surge in identity-based attacks between 2023 - 2025.
  • Underground marketplaces and subscription-based attack platforms, such as Phishing-as-a-Service kits, are making it easier, and more lucrative, than ever for adversaries to compromise business email accounts and bypass multi-factor authentication.
  • Information stealer malware is no longer limited to basic credential theft; these advanced platforms extract browser credentials, password manager databases, VPN configs, and more, fueling a thriving black market for stolen identities.
  • Unmanaged devices, shadow IT, and third-party partners are creating security blind spots, allowing attackers to slip past traditional controls undetected.

Download the full 2025 Identity-based threats research report to get actionable recommendations for continuous authentication, credential monitoring, and rapid identity threat response, and learn how your organization can defend itself against the next wave of sophisticated cyberattacks.

Download Now

As the cyber threat landscape continues to evolve, identity-based attacks have rapidly become one of the most significant risks facing organizations today. Rather than targeting technical vulnerabilities, modern threat actors are exploiting compromised user identities, gaining direct access to critical business assets with less effort and greater impact.

This means that traditional security models built around perimeter defense and endpoint protection are fundamentally insufficient against adversaries who possess valid credentials.

Identity-based attacks are not an emerging threat that should simply be monitored; they are the current dominant attack vector that require organizations to have a strong 24/7 threat detection and response defense strategy in place to prevent business disruption.

In this report from eSentire’s Threat Response Unit (TRU), we share a detailed analysis of threat data from over 19,000 identity-related security investigations across our global customer base of the specific trends in identity-based attacks observed by TRU. New observations shared in this report show:

  • Identity-driven threats have skyrocketed since 2023, now accounting for 59% of all confirmed cases in early 2025, highlighting a 156% surge in identity-based attacks between 2023 - 2025.
  • Underground marketplaces and subscription-based attack platforms, such as Phishing-as-a-Service kits, are making it easier, and more lucrative, than ever for adversaries to compromise business email accounts and bypass multi-factor authentication.
  • Information stealer malware is no longer limited to basic credential theft; these advanced platforms extract browser credentials, password manager databases, VPN configs, and more, fueling a thriving black market for stolen identities.
  • Unmanaged devices, shadow IT, and third-party partners are creating security blind spots, allowing attackers to slip past traditional controls undetected.

Download the full 2025 Identity-based threats research report to get actionable recommendations for continuous authentication, credential monitoring, and rapid identity threat response, and learn how your organization can defend itself against the next wave of sophisticated cyberattacks.

Get The Report