The most dangerous cybersecurity threat of the moment is an attacker with access to legitimate identity information for a given system, according to a report issued today by endpoint security and threat intelligence vendor CrowdStrike.\n\nAccording to the report, interactive intrusions (which the company defines as those in which an attacker is working actively to accomplish some illicit end on a victim\u2019s system), are increasingly implemented using strategies that involve compromised identity information for access to a target. During the past year, both government-backed and organized crime hacking groups have raised their game with improved phishing techniques and social engineering \u201ctradecraft.\u201d\n\n\u201cThe biggest trend that we\u2019ve seen is that everything is moving towards identity,\u201d said Adam Meyers, head of intelligence at CrowdStrike. \u201c80% of attacks involved identity and compromised credentials.\u201d\n\nThose credentials can be compromised in the traditional way, using email phishing and social engineering, or they can be purchased on the dark web, sourced from other types of compromised systems. Once they have access to a target system, cybercriminals use a range of techniques to achieve their ends, and the report said that the use of remote monitoring and management software is sharply on the rise.\n\n\u201cThreat actors understand that there are security tools out there that impede the way they operate,\u201d noted Meyers. \u201cSo they\u2019re trying to use techniques that don\u2019t trigger that security.\u201d Compromised login IDs are hard to detect, and must generally be discovered by monitoring for unusual account behavior.\n\nA move away from what he described as a \u201cMicrosoft monoculture\u201d in the enterprise would be a positive step toward stemming the current flow of identity based attacks, Meyers said.\n\n\u201cOrganizations have gone all in with Microsoft, they have good OSes and productivity suites, but a history of poor security,\u201d Meyers said.\n\nKerberos-based attacks on the rise\n\nIn particular, Kerberos-based attacks against Windows systems have been on the rise, according to CrowdStrike. The technique of \u201cKerberoasting\u201d (compromising a Kerberos ticket by cracking its encryption offline) has been particularly successful of late, since Windows uses Kerberos as a key authentication method.\n\nThe report also includes information about the growing cloud-based threat posed by the use of privilege escalation tools like LinPEAS, which can be used to enumerate information about a cloud environment, including metadata, network attributes and even security credentials, depending on the service provider and its configuration. CrowdStrike recommends applying on-premises security techniques to all cloud workload instances, including restricting outbound connections from those instances to whitelisted addresses.