NHI Forum


The Silent Threat: How Phishing Attacks Now Target Non-Human Identities


(@entro)
Eminent Member
Joined: 6 months ago
Posts: 8
Topic starter  

Read full article here: https://entro.security/blog/how-phishing-targets-nhis/?source=nhimg

Phishing is evolving — and non-human identities (NHIs) are the new prize.

While traditional phishing once focused on stealing user passwords or payment data, today’s attackers are going after something more powerful: machine credentials that live behind the scenes. These include service accounts, personal access tokens (PATs), API keys, and credentials — all critical to modern infrastructure, and all increasingly at risk.


Why It Matters

Once inside the network, attackers no longer stop at human credentials. They pivot toward non-human identities, which often:

  • Carry elevated, long-standing privileges
  • Operate autonomously and undetected
  • Lack proper monitoring, rotation, and ownership

This makes NHIs ideal for lateral movement, privilege escalation, and persistent access — all while blending in with normal system traffic.


Real-World Impact

Let’s look at some real-world examples to drive this home:

  • Internet Archive in 2024: Attackers leveraged stale access tokens in their Zendesk platform, compromising over 800,000 support tickets with data stretching back to 2018.
  • Schneider Electric in 2024: Hackers exploited exposed non-human identity credentials in the development environment, making off with 40GB of data, including 400,000 records with names, emails, and critical project details.
  • The New York Times in 2024: An over-privileged GitHub token was exploited, giving attackers access to all of the Times’ source code repositories.

The cost? Millions in financial damage, compliance fines, and operational downtime — all from identities that often go unmonitored.


Defense strategies

Security teams must move beyond reactive identity controls. The future of defense is machine identity-first:

  • Contextual Secrets Rotation - Triggered by behavioral anomalies, not static schedules
  • Zero Trust for Machines - Temporary, task-specific access for every non-human identity
  • Real-Time Monitoring - AI-driven baselines for normal NHI behavior
  • Comprehensive Visibility - Full inventory, ownership mapping, and risk scoring of all machine identities

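The post's defense list (inventory, ownership mapping, risk scoring, and behavioral baselines for NHIs) and its incident examples (a stale token, an over-privileged token, an unowned credential) can be turned into a concrete check. The script below is an added example written for this thread; it is not code from Entro or from the linked article. It assumes a hypothetical credential inventory and a constructed audit log in a `timestamp credential-id source-ip action` format, and the thresholds, scope list and finding weights are assumed policy values, not anything the post prescribes. It scores each machine identity on four findings: no recorded owner, broad scopes, no use within a stale window, and use in the last 24 hours from a source address never seen in the credential's earlier baseline.

```python
"""Minimal NHI inventory risk scorer (added example, not from the original post)."""
import json
from datetime import datetime, timedelta, timezone

# Assumed policy values, not taken from the post.
STALE_DAYS = 90                      # unused for longer than this -> "stale"
RECENT_WINDOW = timedelta(hours=24)  # events newer than this are compared against the baseline
BROAD_SCOPES = {"repo", "admin:org", "*"}   # scopes treated as over-privileged (assumed)
WEIGHTS = {"no_owner": 2, "broad_scopes": 3, "stale": 3, "new_source": 4}

# "Now" is pinned so the example is deterministic.
NOW = datetime(2024, 10, 4, tzinfo=timezone.utc)

# Constructed inventory: hypothetical credential ids, owners and scopes.
INVENTORY = [
    {"id": "pat-ci-build", "owner": "platform-team", "scopes": ["repo:read"]},
    {"id": "pat-legacy-sync", "owner": None, "scopes": ["repo", "admin:org"]},
    {"id": "svc-zendesk-export", "owner": "support-ops", "scopes": ["tickets:read"]},
]

# Constructed audit log: timestamp, credential id, source ip, action.
AUDIT_LOG = """\
2024-10-01T02:14:00Z pat-ci-build 10.0.4.12 git.fetch
2024-10-01T02:15:00Z pat-ci-build 10.0.4.12 git.fetch
2024-10-02T03:01:00Z pat-ci-build 10.0.4.13 git.fetch
2024-10-03T14:22:00Z pat-ci-build 203.0.113.9 repo.list_all
2024-05-03T14:25:00Z svc-zendesk-export 10.0.9.1 tickets.export
"""


def parse_audit_log(text):
    """Parse whitespace-separated audit lines into event dicts with aware timestamps."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, cred, src, action = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "id": cred, "src": src, "action": action,
        })
    return events


def build_baseline(events, now=NOW):
    """Map credential id -> set of source ips seen before the recent window."""
    cutoff = now - RECENT_WINDOW
    baseline = {}
    for e in events:
        if e["ts"] < cutoff:
            baseline.setdefault(e["id"], set()).add(e["src"])
    return baseline


def score_identity(ident, events, now=NOW):
    """Return (score, findings) for one inventory entry."""
    findings = []
    mine = [e for e in events if e["id"] == ident["id"]]
    if not ident.get("owner"):
        findings.append("no_owner")
    if BROAD_SCOPES & set(ident["scopes"]):
        findings.append("broad_scopes")
    last_use = max((e["ts"] for e in mine), default=None)
    if last_use is None or (now - last_use).days > STALE_DAYS:
        findings.append("stale")
    known = build_baseline(events, now).get(ident["id"], set())
    recent = [e for e in mine if e["ts"] >= now - RECENT_WINDOW]
    if any(e["src"] not in known for e in recent):
        findings.append("new_source")
    return sum(WEIGHTS[f] for f in findings), findings


def rank_inventory(inventory, events, now=NOW):
    """Score every identity and return them highest-risk first."""
    ranked = []
    for ident in inventory:
        score, findings = score_identity(ident, events, now)
        ranked.append({"id": ident["id"], "score": score, "findings": findings})
    return sorted(ranked, key=lambda r: -r["score"])


if __name__ == "__main__":
    print(json.dumps(rank_inventory(INVENTORY, parse_audit_log(AUDIT_LOG)), indent=2))
```

On the constructed data the unowned, broad-scoped, never-used `pat-legacy-sync` ranks first, the CI token ranks second because its only recent use came from an address outside its baseline, and the export credential is flagged only as stale. In a real deployment the baseline would come from weeks of logs rather than two days, and the weights would be tuned to the organization's own risk appetite.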