Identity-centric threats refer to attacks that primarily target user identities and authentication mechanisms rather than exploiting technical vulnerabilities in systems. This shift has been driven by the realization that compromising user identities provides direct access to valuable organizational assets with less technical complexity. Recent data shows that identity-driven threats have increased by 156% between 2023 and 2025, now accounting for 59% of all confirmed threat cases.

Cybercrime-as-a-Service platforms have reshaped the landscape of identity theft by lowering the barrier to entry for threat actors. These platforms offer specialized services, such as Phishing-as-a-Service, which allow even those with limited technical skills to execute sophisticated identity theft campaigns. For example, platforms like Tycoon2FA, which can be rented for $200-300 per month, provide advanced credential harvesting capabilities, contributing to the increased frequency and sophistication of identity-centric attacks.

Organizations should rethink their security posture by assuming that identities will be compromised. This includes implementing continuous authentication verification, comprehensive credential monitoring, and rapid response capabilities for identity-based threats. Regular threat hunting for unusual sign-ins, modifications to multi-factor authentication methods, and monitoring for suspicious email forwarding rules can also help mitigate risks associated with identity-centric attacks.