In 2025, organizations must brace themselves for an evolving landscape of identity security threats. The rapid advancement of technology and the increasing sophistication of cybercriminals necessitate a proactive approach to safeguarding sensitive information. Okta, a leading identity management company, provides an in-depth analysis and expert predictions on emerging trends and potential threats to identity security within the next few years. This overview aims to better equip organizations to prepare and implement effective strategies against these evolving threats, ensuring robust protective measures against increasingly sophisticated cyberattacks.
Identifying and understanding these threats is crucial for organizations worldwide to maintain the security and integrity of their data. Insights from Okta’s experts, including Regional CSO Brett Winterford, Director of Threat Analysis and Research Tim Peel, and Senior Manager of Identity Threat Research Moussa Diallo, reveal a host of potential threats that organizations should anticipate. By gaining this knowledge, companies can proactively address these risks, adopting strategies to mitigate the impact of attacks and ensure the resilience of their security infrastructure.
Craftier Phishing Kits
Phishing attacks have evolved significantly, growing more sophisticated and effective over the years. Early phishing attempts often relied on simple, deceptive emails or fake websites to trick individuals into relinquishing sensitive information. Nowadays, cybercriminals deploy advanced, pre-packaged phishing kits to launch wider and more polished attacks. These kits are often sold as phishing-as-a-service (PhaaS) solutions, with notable examples including ONNX and FishXProxy. Such kits enable even novice cybercriminals to launch complex attacks with ease, thereby expanding the reach and potential damage.
One concerning trend is the ability of these kits to defeat advanced security measures. For instance, they can bypass “impossible travel” detection (which flags successive login attempts from geographic locations too far apart to have been reached in the elapsed time) by spoofing or proxying IP addresses so that a login appears to originate near the victim. Additionally, these kits exploit protection services meant to guard against phishing: cybercriminals hijack anti-phishing URL protection services, turning them against users by corrupting what were initially considered “sanitized” links.
Moreover, many phishing kits now incorporate artificial intelligence (AI) capabilities, enhancing their effectiveness. A recent study indicated that an alarming 75% of phishing kits on criminal forums boast some form of AI, and over 80% claim to offer “deepfake” features. These AI-driven facets enable attackers to craft convincing and personalized phishing attempts, making it more challenging for individuals and organizations to discern legitimate communications from fraudulent ones.
To counter these sophisticated advancements, experts at Okta recommend several measures. Organizations should implement phishing-resistant authentication methods such as passkeys, number-matching push notifications, hardware keys like YubiKeys, and Okta’s FastPass system. Blocking IP-anonymizing services such as Tor is also advised. Additionally, employee education and ongoing awareness training are paramount to equipping individuals with the knowledge to recognize and react appropriately to phishing attempts.
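As an added illustration (not code from Okta or from this article), the following shows a minimal impossible-travel check over constructed login events, paired with an anonymizer-range check that explains why the velocity test alone misses a proxied login appearing to originate near the victim, and why blocking anonymizing services is recommended alongside it. The coordinates, IPs and the 203.0.113.0/24 anonymizer range are assumed sample values; a real deployment would use an IP geolocation service and a maintained Tor/VPN exit list.

```python
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
from math import asin, cos, radians, sin, sqrt

# Constructed sample login events: (user, UTC time, source IP, latitude, longitude).
# Coordinates are assumed to come from an upstream IP geolocation lookup.
SAMPLE_EVENTS = [
    ("alice", "2025-01-10T09:00:00", "198.51.100.10", 40.7128, -74.0060),  # New York
    ("alice", "2025-01-10T10:00:00", "198.51.100.20", 35.6762, 139.6503),  # Tokyo, 1 h later
    ("bob",   "2025-01-10T09:00:00", "192.0.2.5",     51.5074,  -0.1278),  # London
    ("bob",   "2025-01-10T12:00:00", "192.0.2.6",     48.8566,   2.3522),  # Paris, 3 h later
    ("carol", "2025-01-10T09:00:00", "192.0.2.7",     40.7128, -74.0060),  # New York
    ("carol", "2025-01-10T10:00:00", "203.0.113.44",  40.7128, -74.0060),  # New York via proxy
]
# Constructed placeholder anonymizer range; feed a maintained Tor/VPN exit list in practice.
ANONYMIZER_RANGES = [ip_network("203.0.113.0/24")]
MAX_KMH = 900.0  # roughly airliner speed; anything faster is physically implausible

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def _parsed(events):
    """Events with parsed UTC timestamps, ordered per user by time."""
    rows = [(u, datetime.fromisoformat(t).replace(tzinfo=timezone.utc), ip, la, lo)
            for u, t, ip, la, lo in events]
    return sorted(rows, key=lambda e: (e[0], e[1]))

def impossible_travel(events, max_kmh=MAX_KMH):
    """Flag logins implying travel faster than max_kmh since the user's previous login."""
    flagged, prev = [], {}
    for user, when, ip, lat, lon in _parsed(events):
        if user in prev:
            p_when, p_lat, p_lon = prev[user]
            km = haversine_km(p_lat, p_lon, lat, lon)
            hours = (when - p_when).total_seconds() / 3600
            # Real distance in zero elapsed time is treated as infinite speed.
            if km > 50 and (hours == 0 or km / hours > max_kmh):
                flagged.append((user, ip))
        prev[user] = (when, lat, lon)
    return flagged

def anonymizer_logins(events, ranges=ANONYMIZER_RANGES):
    """Flag logins whose source IP is in a known anonymizer range, regardless of geography."""
    return [(u, ip) for u, _, ip, _, _ in events if any(ip_address(ip) in r for r in ranges)]
```

Carol's second login is invisible to the velocity check because the proxy geolocates to her usual city, but the anonymizer check still surfaces it.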
The Return of Device-Based Attacks
As organizations adopt phishing-resistant multifactor authentication (MFA) and bolster encryption protocols, cybercriminals are likely to shift their focus towards compromising endpoint devices directly. These device-based attacks bypass the need to intercept or mimic users’ communications by targeting the hardware and software people use daily, such as smartphones and laptops. This method presents a significant threat as it circumvents many of the defenses established to protect user credentials and data transmissions.
Device-based attacks can encompass a wide range of techniques. Spyware apps on Android devices or malicious browser extensions on popular operating systems like Windows, macOS, and Linux are capable of capturing sensitive information such as credentials and session cookies. Future attacks may home in on smartphone and laptop passkeys, which, while stored securely, are often transmitted between devices, creating new exploitable vectors for cybercriminals. Additionally, home and small-office routers present another avenue for attack, as many remain vulnerable due to outdated firmware or unaltered default configurations. Compromised routers can redirect traffic to malicious phishing sites or be used to anonymize cybercriminal activities.
To protect against these emerging threats, organizations might consider several strategies. Firstly, using managed devices exclusively for business-related activities can help control the security environment and ensure consistent application of protective measures. Implementing mobile device management (MDM) on user-owned smartphones accessing company resources can further enhance security. Deployment of endpoint detection and response (EDR) solutions or robust antivirus software are also critical measures in identifying and mitigating device-based threats. Additionally, adopting secure enterprise browsers can provide an extra layer of defense against evolving cyberattacks.
Business Processes as Targets
A major area of concern identified by Okta’s experts is the potential for cybercriminals to exploit business processes rather than focusing solely on technology vulnerabilities. These attackers often employ social engineering techniques to manipulate human elements within organizations, capitalizing on workflow-related weaknesses. This approach can be highly effective, as it leverages the inherent trust and established practices within an organization to bypass technological defenses.
For instance, an attacker might pose as a new employee seeking assistance from a help desk or exploit publicly available information obtained from platforms like LinkedIn or Facebook to gain organizational trust and access sensitive areas. A recent high-profile incident involved the compromise of a major access-management provider by a state-sponsored attacker who utilized social engineering tactics. The attacker’s ability to seamlessly integrate into organizational workflows and exploit systemic vulnerabilities highlighted the critical need for comprehensive and robust verification processes.
To safeguard against these risks, organizations should implement strong employee-verification methods, particularly during hiring and onboarding processes or whenever an employee reaches out to the help desk. Simple yet effective measures such as verification callbacks to known IT staff can ensure the authenticity of requests and communications. By enhancing the verification protocols and reinforcing the need for thorough identity checks, organizations can significantly reduce the risk of social engineering attacks and improve overall security resilience.
Expanded Downgrade Attacks
Downgrade attacks present another formidable threat, with attackers tricking devices or services into using less secure protocols or older, vulnerable technologies. This approach exploits backward compatibility features to undermine the security integrity of modern systems. For example, mobile devices can be coerced into switching from secure 5G or 4G networks to less secure 3G or 2G networks. Similarly, malicious web servers might prompt browsers to downgrade encryption standards or entirely disable secure communications.
An alarming aspect of downgrade attacks is their ability to exploit widespread and trusted systems. For instance, even Windows Update can be manipulated to revert PCs to less secure builds of Windows, exposing them to potential vulnerabilities. Cybercriminals can also spoof Wi-Fi network names to force connections to insecure networks, further endangering user data and communications. Social engineering amplifies these attacks by convincing users to disable secure authentication methods or lower security settings, thereby facilitating an attacker’s objectives.
Preventing downgrade attacks requires a multi-faceted approach. Organizations need to disable backward compatibility with outdated protocols, ensuring legacy systems are updated or replaced with secure alternatives. Educating employees about the risks associated with downgrade attacks is equally crucial, as informed users are more likely to resist attempts to lower security settings or employ insecure authentication tools. Forbidding fallbacks to phishing-susceptible methods, such as SMS-transmitted one-time passcodes, represents another vital strategy. Strengthening security protocols and consistently enforcing the use of secure technologies can help organizations maintain a robust defense against downgrade attacks.
AI-Driven Threats
Looking ahead, the role of artificial intelligence (AI) in cyber threats is expected to grow significantly, raising the bar for security challenges. AI’s potential to enhance phishing, deepfakes, and other social engineering attacks presents a stark reality for organizations attempting to safeguard their identities and data. The capabilities of AI to convincingly manipulate reality were demonstrated in an incident where a Hong Kong employee was tricked into transferring $25 million by AI-generated deepfake colleagues. While developing sophisticated deepfakes currently demands significant resources, accessible AI tools like ChatGPT are making such high-level attacks more achievable and affordable for cybercriminals.
Reports indicate that countries like Russia, China, North Korea, and Iran are already leveraging AI tools for cyber operations, creating new and more complex challenges for organizations worldwide. AI-integrated systems, such as Microsoft Copilot, could be exploited for more effective and adaptive malware, transforming the landscape of cyber threats. AI also streamlines spear-phishing efforts by automating data collection, crafting personalized attack messages, and maintaining continuous interactions with targets, significantly increasing the likelihood of successful breaches.
To counteract AI-driven threats, fostering a culture where employees feel empowered to question unusual requests from senior leaders is essential. Establishing clear protocols and verification steps for authentication and transaction approvals can provide additional layers of security. By anticipating the inevitability of real-time deepfakes and incorporating AI-resistant strategies, organizations can better prepare for and mitigate the risks associated with these advanced threats.
Conclusion
As companies increasingly adopt phishing-resistant multifactor authentication (MFA) and strengthen their encryption protocols, cybercriminals are likely to change tactics, focusing more on compromising endpoint devices directly. These attacks on personal hardware and software, such as smartphones and laptops, can bypass many of the safeguards designed to protect user credentials and secure data transmissions. This shift represents a significant security threat.
Device-based attacks employ various techniques. For instance, spyware apps on Android devices or malicious browser extensions on popular operating systems like Windows, macOS, and Linux can capture sensitive data, including credentials and session cookies. Future attacks may target passkeys on smartphones and laptops, exploiting the fact that these keys, though securely stored, often need to be transmitted between devices. Home and small-office routers also pose a risk, as many are susceptible to breaches due to outdated firmware or unchanged default settings. Compromised routers can redirect traffic to malicious sites or obscure cybercriminal activities.
To address these emerging threats, organizations can adopt several strategies. Limiting business activities to managed devices helps control the security environment and ensure consistent application of protective measures. Introducing mobile device management (MDM) on user-owned smartphones that access company resources further boosts security. Additionally, deploying endpoint detection and response (EDR) solutions or strong antivirus software is crucial for identifying and mitigating device-based threats. Lastly, using secure enterprise browsers adds an extra layer of defense against evolving cyberattacks.