Identity, Supply chain

PwC: Identity compromise a supply chain for attackers

(Adobe Stock)

PwC's "Cyber threats in motion" report warns that AI is giving attackers added sophistication, speed, and scale, but identity remains the fulcrum of entry, according to SecurityWeek.

Infostealer logs feed initial access brokers who sell identities to criminals, while AI enables convincing phishing, impersonation, and deepfake social engineering. Allison Wikoff, PwC's global threat intelligence leader for the Americas, said identity compromise has effectively become a supply chain where attackers mix buying and generating access based on efficiency.

AI is now used to automate reconnaissance, accelerate malware development, and scale social engineering across languages, though fully autonomous agentic attacks are not yet widespread. Wikoff noted some threat actors haven't changed their tactics in nearly a decade because traditional phishing and credential theft remain highly effective, and many organizations still grapple with basic security.

The report urges organizations to define systems, data, and identities whose compromise would have the greatest impact and align defenses accordingly. Different attackers have different motivations: Russia-based actors blend cyber and influence operations, while China-based actors sustain persistent access in critical infrastructure.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds