9 March
In 2026, identity-based attacks have become the #1 cyber threat worldwide: attacks through "digital identities" (credentials, API keys, session tokens) account for nearly two-thirds of all data breaches, while AI cyberattacks increased by 89%, using phishing combined with credential theft as a powerful combination.
What is an Identity-Based Attack?
An identity-based attack is one in which hackers steal or forge the digital identity of a legitimate user (username/password, API keys, session tokens, or OAuth tokens) to access systems without needing to exploit any technical vulnerability.
This method is extremely dangerous because the system sees a legitimate user logging in normally — firewalls do not block it, antivirus does not alert, and logs record it as normal access.
5 Common Types of Identity-Based Attacks
| Attack Type | Method | Target | Danger Level |
|---|---|---|---|
| Credential Stuffing | Uses leaked passwords from other websites to attempt login (most people reuse passwords) | Any system using username/password | Very High |
| Phishing + Credential Theft | Tricks users into entering passwords on fake login pages | Corporate email, ERP systems, VPN | Very High |
| API Key Theft | Steals API keys from source code, config files, or git repositories | Cloud services, databases, APIs | Very High |
| Session Hijacking | Steals session tokens from browsers or network traffic | Web applications, ERP systems | High |
| OAuth Token Abuse | Tricks users into granting permissions via OAuth, then uses the token to access data | Google Workspace, Microsoft 365 | High |
Alarming Statistics:
- Identity abuse accounts for nearly two-thirds of all data breaches in 2026
- AI cyberattacks increased by 89% — using AI to write phishing emails and automate credential testing
- Attacks through API credentials have surged dramatically as organizations adopt API-first architecture
- On average, one employee has more than 100 accounts — and 65% reuse passwords
Why Have Identity Attacks Increased So Much in 2026?
- Cloud/SaaS adoption: organizations use more cloud services, which means more credentials and more attack points
- API-first architecture: systems connect via APIs, so many API keys are distributed everywhere
- Remote/Hybrid work: employees work from anywhere, which widens the attack surface
- AI assists hackers: AI can automate credential testing thousands of times faster than humans
Traditional Hacking vs Identity-Based Attack Comparison
| Comparison | Traditional Hacking | Identity-Based Attack |
|---|---|---|
| Method | Exploiting software vulnerabilities | Using real credentials to log into the system |
| Detection | IDS/IPS can detect it | Very difficult to detect — looks like a normal user |
| Time Required | Must find exploits, which may take a long time | Instant access once credentials are in hand |
| Damage | Limited to the exploited vulnerability | Access to everything the user has permission for |
Impact on ERP Systems
ERP systems are a prime target for Identity-Based Attacks because they store an organization's most valuable data:
- Financial data — balance sheets, bank account numbers, transfer records
- HR data — salaries, national ID numbers, tax information
- Inventory data — cost prices, supplier contracts, procurement data
- Customer data — risk of PDPA violations with fines up to 5 million baht
How to Prevent Identity-Based Attacks for Organizations
- ☐ Enable Multi-Factor Authentication (MFA) on all systems: even with stolen passwords, access is denied without OTP/authenticator
- ☐ Rotate API keys regularly: change API keys every 90 days and revoke unused keys immediately
- ☐ Use Zero Trust Architecture: trust no one even within the same network; verify identity every time a resource is accessed
- ☐ Monitor anomalous login patterns: detect logins from unusual locations/times, such as logging in from abroad at 3 AM
- ☐ Use short-lived session tokens: set sessions to expire quickly (e.g., 30 minutes) to reduce session hijacking opportunities
- ☐ Mandate Password Manager usage: prohibit password reuse; generate unique passwords for every system
- ☐ Conduct Regular Access Reviews: audit access rights every 3 months; revoke access for departed/transferred employees immediately
- ☐ Use API Gateway + Rate Limiting: prevent credential stuffing by limiting the number of requests per IP/user
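
The login-monitoring and credential-stuffing items in the checklist above, sketched as detection logic over authentication events. This is an added example, not Saeree ERP code; the event layout, thresholds, per-user baseline and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events: (timestamp, user, source_ip, country, success)
EVENTS = [
    ("2026-03-09T09:02:11", "anong", "192.0.2.10", "TH", True),
    ("2026-03-09T09:15:40", "somchai", "192.0.2.11", "TH", True),
    ("2026-03-10T02:40:01", "anong", "203.0.113.50", "TH", False),
    ("2026-03-10T02:40:02", "malee", "203.0.113.50", "TH", False),
    ("2026-03-10T02:40:03", "prasit", "203.0.113.50", "TH", False),
    ("2026-03-10T02:40:04", "somchai", "203.0.113.50", "TH", True),
    ("2026-03-10T02:40:05", "wichai", "203.0.113.50", "TH", False),
    ("2026-03-10T02:40:06", "nida", "203.0.113.50", "TH", False),
    ("2026-03-10T03:12:30", "anong", "198.51.100.7", "RO", True),
]
# Assumed per-user baseline: usual countries and working hours (start, end)
BASELINE = {"anong": ({"TH"}, (7, 20)), "somchai": ({"TH"}, (7, 20))}

def stuffing_sources(events, min_users=5, max_success_ratio=0.2):
    """Return {ip: users who logged in successfully} for source IPs that tried
    many distinct usernames and mostly failed (credential-stuffing pattern)."""
    tried, hits, attempts = defaultdict(set), defaultdict(list), defaultdict(int)
    for _, user, ip, _, success in events:
        tried[ip].add(user)
        attempts[ip] += 1
        if success:
            hits[ip].append(user)
    return {ip: sorted(set(hits[ip])) for ip in tried
            if len(tried[ip]) >= min_users
            and len(hits[ip]) / attempts[ip] <= max_success_ratio}

def anomalous_logins(events, baseline):
    """Return (user, timestamp, reasons) for successful logins outside the
    user's usual countries or working hours."""
    findings = []
    for ts, user, _, country, success in events:
        if not success or user not in baseline:
            continue
        countries, (start, end) = baseline[user]
        hour = datetime.fromisoformat(ts).hour
        reasons = []
        if country not in countries:
            reasons.append("new country " + country)
        if not start <= hour < end:
            reasons.append(f"off-hours ({hour:02d}h)")
        if reasons:
            findings.append((user, ts, reasons))
    return findings
```

The accounts returned by `stuffing_sources` are the ones to treat as compromised: their password worked from a source that was spraying many usernames, so they need a forced reset and session revocation, not just an IP block.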
Hackers no longer need to "break into" systems — they just "log in" with stolen passwords. Therefore, Identity Security must be the strongest first line of defense.
— Saeree ERP Development Team


