Initial Access: Why Identity, Not Malware, Is Now the Primary Battleground for Security Teams

Written by: Vishwa Pandagle, Cybersecurity Staff Editor

Quick Takeaways

  • Fratucello shares that 79% of initial access attacks are now malware-free, up from 40% in 2019.
  • He adds that vishing surged 442% between the first and second half of 2024.
  • Attackers hijack enterprise AI models with stolen credentials (LLMjacking) rather than by exploiting code.
  • Identity abuse bypasses legacy malware-based defenses.
  • CrowdStrike highlights that help desk impersonation exploits human trust, not code.

In this exclusive TechNadu interview, Fabio Fratucello, Field CTO World Wide at CrowdStrike, outlines how today’s threat actors are increasingly bypassing traditional defenses by abusing credentials, targeting help desks, and compromising cloud systems without deploying malware.

Fratucello brings over 25 years of global leadership in cybersecurity and technology, having held executive roles at Westpac, HP Australia, UBS, and more, before scaling CrowdStrike’s international tech roadmap.

Fratucello tells us that nearly 80% of initial access attacks today are malware-free — up from just 40% in 2019. The growing presence of access brokers and a 442% surge in vishing attacks point to a changing threat landscape where human vulnerabilities, not system flaws, are the preferred entry point.

Fratucello also shares insights on LLMjacking, adversarial AI, and what organizations must do to secure modern AI infrastructure. From unified detection platforms to zero trust and identity-first defense, the path forward demands rethinking how security visibility is built and applied across domains.

Vishwa: Elaborate on how adversaries are evolving their techniques around identity compromise, and how organizations can get ahead of this trend.

Fabio: Attackers have shifted from breaking systems to using stolen credentials for legitimate-looking access. This approach allows them to operate as legitimate users, bypassing conventional security controls while moving across endpoint, identity, and cloud systems. 

Recent threat intelligence shows 79% of initial access attacks now avoid malware entirely — a significant increase from 40% in 2019. Access broker activity has also surged 50% year-on-year. Organizations need unified, identity-focused security that delivers real-time visibility and control across all domains, eliminating the blind spots where adversaries hide in plain sight.

Vishwa: We’ve seen a sharp rise in vishing and help desk impersonation. Why do you think these social engineering tactics are proving so effective?

Fabio: Adversaries increasingly target humans rather than technology systems through phishing, voice phishing (vishing), callback phishing, and SMS-based attacks. Recent data reveals a 442% surge in vishing between the first and second half of 2024, with initial access attacks accounting for 52% of all vulnerabilities. 

These tactics succeed because they exploit human psychology rather than software flaws. Attackers appear legitimate, making detection difficult until later in an intrusion, which delays effective response and remediation efforts.

Vishwa: How can organizations detect, respond, and defend against advanced social engineering attacks, such as help desk impersonation and callback phishing?

Fabio: Organizations must provide continuous employee education programs that improve recognition of sophisticated phishing attempts. This cybersecurity training needs to be engaging, continuous, and aligned with current threats. However, education alone is insufficient. 

Organizations must combine training with robust technology capabilities, including identity security, multi-factor authentication, and passwordless solutions. Zero trust principles and AI-powered threat detection should be orchestrated through unified platforms capable of detecting and stopping human-targeted attacks in real-time.

Vishwa: With nearly 80% of attacks now malware-free, how does this shift impact traditional detection strategies? How should security companies adapt their detection and response capabilities in this context?

Fabio: The shift from malware to credential-based attacks challenges organizations relying on traditional security measures and legacy tools. Attackers logging in with stolen credentials blend their activity with legitimate traffic, bypassing outdated security products designed for malware detection. 

To detect identity-driven, cross-domain attacks, organizations need unified security platforms that connect identity, cloud, and endpoint data in real-time using AI. This approach provides necessary visibility to eliminate blind spots, detect suspicious activity, and rapidly respond to stop breaches.
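The cross-domain correlation Fratucello describes (a credential-only login that "blends in" on its own, but stands out once identity and cloud telemetry are joined) can be shown in a few dozen lines. The following is an added example written for this article, not CrowdStrike code and not part of the interview: the event stream, field names, the privileged-action list and the 30-minute correlation window are all assumptions chosen for illustration. A login is flagged when both the country and the device are unseen for that user; it is escalated to high severity only when a privileged cloud action follows from the same user and source IP inside the window, which is the malware-free pattern of "log in, then persist with keys or roles."

```python
"""Cross-domain identity-abuse detection over constructed identity + cloud events."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry). They mimic a normalised
# identity-provider login stream and a cloud audit stream joined on user and IP.
EVENTS = [
    # baseline: alice normally works from AU on her managed laptop
    {"ts": "2025-03-01T01:00:00Z", "domain": "identity", "user": "alice", "action": "login_success",
     "src_ip": "203.0.113.10", "country": "AU", "device": "LT-ALICE-01"},
    {"ts": "2025-03-02T01:05:00Z", "domain": "identity", "user": "alice", "action": "login_success",
     "src_ip": "203.0.113.10", "country": "AU", "device": "LT-ALICE-01"},
    {"ts": "2025-03-03T01:02:00Z", "domain": "identity", "user": "alice", "action": "login_success",
     "src_ip": "203.0.113.11", "country": "AU", "device": "LT-ALICE-01"},
    # attack day: valid password + approved MFA push, but new country and unmanaged device,
    # followed by persistence in the cloud account from the same address
    {"ts": "2025-03-10T13:00:00Z", "domain": "identity", "user": "alice", "action": "login_success",
     "src_ip": "198.51.100.77", "country": "NL", "device": "UNKNOWN"},
    {"ts": "2025-03-10T13:04:00Z", "domain": "cloud", "user": "alice", "action": "CreateAccessKey",
     "src_ip": "198.51.100.77", "country": "NL", "device": None},
    {"ts": "2025-03-10T13:09:00Z", "domain": "cloud", "user": "alice", "action": "AssumeRole",
     "src_ip": "198.51.100.77", "country": "NL", "device": None},
    # bob: travelling, new country but known managed device, no sensitive follow-on
    {"ts": "2025-03-01T09:00:00Z", "domain": "identity", "user": "bob", "action": "login_success",
     "src_ip": "192.0.2.5", "country": "US", "device": "LT-BOB-01"},
    {"ts": "2025-03-10T09:00:00Z", "domain": "identity", "user": "bob", "action": "login_success",
     "src_ip": "192.0.2.99", "country": "GB", "device": "LT-BOB-01"},
]

# Assumed list of cloud actions worth correlating with a suspicious login.
PRIVILEGED_ACTIONS = {"CreateAccessKey", "AssumeRole", "AttachUserPolicy", "CreateLoginProfile"}
CORRELATION_WINDOW = timedelta(minutes=30)


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def build_baselines(events, before):
    """Per-user set of (country, device) pairs seen in successful logins before `before`."""
    baseline = defaultdict(set)
    for e in events:
        if e["domain"] == "identity" and e["action"] == "login_success" and parse_ts(e["ts"]) < before:
            baseline[e["user"]].add((e["country"], e["device"]))
    return baseline


def detect(events, baseline_cutoff):
    """Return one finding per post-cutoff login that deviates from the user's baseline.

    severity: 'low'    -> only country or only device is new
              'medium' -> both are new (credential-only login that looks legitimate on its own)
              'high'   -> both are new AND a privileged cloud action follows from the same
                          user and source IP within CORRELATION_WINDOW
    """
    events = sorted(events, key=lambda e: parse_ts(e["ts"]))
    cutoff = parse_ts(baseline_cutoff)
    baseline = build_baselines(events, cutoff)
    findings = []
    for i, e in enumerate(events):
        if parse_ts(e["ts"]) < cutoff or e["domain"] != "identity" or e["action"] != "login_success":
            continue
        known = baseline[e["user"]]
        new_country = e["country"] not in {c for c, _ in known}
        new_device = e["device"] not in {d for _, d in known}
        if not (new_country or new_device):
            continue
        finding = {"user": e["user"], "ts": e["ts"], "src_ip": e["src_ip"],
                   "new_country": new_country, "new_device": new_device, "followups": []}
        if new_country and new_device:
            t0 = parse_ts(e["ts"])
            finding["followups"] = [
                f["action"] for f in events[i + 1:]
                if f["domain"] == "cloud" and f["user"] == e["user"] and f["src_ip"] == e["src_ip"]
                and f["action"] in PRIVILEGED_ACTIONS and parse_ts(f["ts"]) - t0 <= CORRELATION_WINDOW
            ]
            finding["severity"] = "high" if finding["followups"] else "medium"
        else:
            finding["severity"] = "low"
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in detect(EVENTS, "2025-03-10T00:00:00Z"):
        print(f["severity"], f["user"], f["src_ip"], f["followups"])
```

The point of the example is the join: an endpoint agent sees nothing on alice's day (no binary ran), the identity provider sees a successful MFA login, and the cloud audit log sees routine API calls; only the correlation across the three turns a medium-confidence "unusual login" into a high-confidence intrusion.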

Vishwa: Can you explain LLMjacking and the broader risks AI/ML environments face today?

Fabio: Recent threat intelligence reveals adversaries are using AI to exploit organizations through both social engineering and infrastructure targeting. LLMjacking occurs when attackers use stolen credentials to hijack enterprise AI systems, allowing unauthorized access to models and data through API vulnerabilities. 

Adversarial AI jailbreaking represents an emerging risk where attackers manipulate AI models to bypass security systems and evade detection. Adversaries also use AI to create sophisticated, customized malware, increasing attack complexity and scale. As adversaries adopt AI, security teams must embrace these same technologies for defense.
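Because LLMjacking starts with a stolen credential rather than an exploit, it is detected the same way as other valid-account abuse: a baseline of what each key normally touches, and rules for what a hijacker does with model access. The block below is an added example for this article, not CrowdStrike tooling and not from the interview. The audit records are constructed; their field names follow CloudTrail conventions (eventTime, eventSource, eventName, userIdentity.accessKeyId, sourceIPAddress) and the model-service event source and event names are assumptions, so adjust them to the logging your provider actually emits. It flags a key that never called the model service before, a new source IP, model enumeration before the first invocation, a change to invocation logging, and a burst of invocations in a ten-minute window.

```python
"""LLMjacking detection over constructed, CloudTrail-style cloud audit records."""
from collections import defaultdict
from datetime import datetime, timedelta

MODEL_SERVICE = "bedrock.amazonaws.com"  # assumed eventSource for the hosted-model API
INVOKE_ACTIONS = {"InvokeModel", "InvokeModelWithResponseStream"}
RECON_ACTIONS = {"ListFoundationModels", "GetFoundationModel"}
LOGGING_TAMPER = {"PutModelInvocationLoggingConfiguration", "DeleteModelInvocationLoggingConfiguration"}
BURST_WINDOW = timedelta(minutes=10)
BURST_THRESHOLD = 20  # assumed: more invocations than this per window is abnormal for our keys


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def _rec(when, access_key, source, name, ip):
    return {"eventTime": when, "eventSource": source, "eventName": name,
            "userIdentity": {"accessKeyId": access_key}, "sourceIPAddress": ip}


def build_records():
    """Constructed sample data: one legitimate pipeline key and one leaked key."""
    legit, stolen = "AKIAEXAMPLELEGIT0001", "AKIAEXAMPLESTOLEN002"
    recs = []
    for day in range(1, 11):  # nightly batch job: read from S3, call the model once
        recs.append(_rec(f"2025-03-{day:02d}T02:00:00Z", legit, "s3.amazonaws.com", "GetObject", "10.0.0.9"))
        recs.append(_rec(f"2025-03-{day:02d}T02:01:00Z", legit, MODEL_SERVICE, "InvokeModel", "10.0.0.9"))
    for day in range(1, 10):  # stolen key's history: only object listing from an internal host
        recs.append(_rec(f"2025-03-{day:02d}T09:00:00Z", stolen, "s3.amazonaws.com", "ListObjects", "10.0.0.5"))
    # attack day: leaked key used from outside to enumerate models, silence logging, then hammer the API
    recs.append(_rec("2025-03-10T14:00:00Z", stolen, MODEL_SERVICE, "ListFoundationModels", "198.51.100.77"))
    recs.append(_rec("2025-03-10T14:01:00Z", stolen, MODEL_SERVICE, "GetModelInvocationLoggingConfiguration", "198.51.100.77"))
    recs.append(_rec("2025-03-10T14:02:00Z", stolen, MODEL_SERVICE, "PutModelInvocationLoggingConfiguration", "198.51.100.77"))
    for k in range(40):
        t = _ts("2025-03-10T14:05:00Z") + timedelta(seconds=15 * k)
        recs.append(_rec(t.strftime("%Y-%m-%dT%H:%M:%SZ"), stolen, MODEL_SERVICE, "InvokeModel", "198.51.100.77"))
    return recs


def _key(r):
    return r["userIdentity"]["accessKeyId"]


def peak_in_window(times, window=BURST_WINDOW):
    """Largest number of timestamps falling inside any sliding window (two-pointer sweep)."""
    times = sorted(times)
    best = left = 0
    for right in range(len(times)):
        while times[right] - times[left] > window:
            left += 1
        best = max(best, right - left + 1)
    return best


def detect_llmjacking(records, baseline_cutoff):
    """Return {access_key: {"signals": [...], "peak_invocations_10m": n, "severity": s}}
    for every key that touched the model service on or after the cutoff."""
    cutoff = _ts(baseline_cutoff)
    recs = sorted(records, key=lambda r: _ts(r["eventTime"]))
    base_services, base_ips = defaultdict(set), defaultdict(set)
    for r in recs:
        if _ts(r["eventTime"]) < cutoff:
            base_services[_key(r)].add(r["eventSource"])
            base_ips[_key(r)].add(r["sourceIPAddress"])
    findings = {}
    for k in sorted({_key(r) for r in recs}):
        new = [r for r in recs if _key(r) == k and _ts(r["eventTime"]) >= cutoff
               and r["eventSource"] == MODEL_SERVICE]
        if not new:
            continue
        signals = set()
        if MODEL_SERVICE not in base_services[k]:
            signals.add("first_model_use")
        if any(r["sourceIPAddress"] not in base_ips[k] for r in new):
            signals.add("new_source_ip")
        names = [r["eventName"] for r in new]
        first_invoke = next((i for i, n in enumerate(names) if n in INVOKE_ACTIONS), None)
        if first_invoke is not None and any(n in RECON_ACTIONS for n in names[:first_invoke]):
            signals.add("enumeration_before_invoke")
        if any(n in LOGGING_TAMPER for n in names):
            signals.add("logging_tamper")
        peak = peak_in_window([_ts(r["eventTime"]) for r in new if r["eventName"] in INVOKE_ACTIONS])
        if peak >= BURST_THRESHOLD:
            signals.add("invocation_burst")
        findings[k] = {"signals": sorted(signals), "peak_invocations_10m": peak,
                       "severity": "high" if len(signals) >= 3 else ("medium" if signals else "none")}
    return findings


if __name__ == "__main__":
    for key, f in detect_llmjacking(build_records(), "2025-03-10T00:00:00Z").items():
        print(key, f["severity"], f["signals"], f["peak_invocations_10m"])
```

Two design notes. First, the legitimate key also calls the model every night, so a rule that simply alerts on "any model invocation" would be noise; the baseline of which services each key has used is what separates the two. Second, the logging-configuration rule matters because a hijacker who can turn off invocation logging removes the very telemetry the other rules depend on, so that event deserves an alert on its own.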

Vishwa: What are some emerging best practices for securing enterprise AI infrastructure?

Fabio: Organizations must actively monitor AI integrations, protect against model tampering, and detect misconfigurations. Key capabilities include AI Security Posture Management (AI-SPM), which provides comprehensive visibility and protection for AI models by detecting misconfigurations and identifying vulnerabilities for secure innovation. 

Organizations benefit from specialist services to strengthen AI integration security. Proactive vulnerability identification and mitigation within AI systems helps organizations maintain secure AI deployments, while enabling continued innovation and business value.

Vishwa: Access brokers and the surge in their advertisements highlight the value of stolen credentials. How does the identity protection layer disrupt the access broker economy?

Fabio: Stolen credential combinations allow adversaries to access systems legitimately rather than breaking in. This activity appears legitimate, making detection difficult while enabling attackers to create persistence, access additional identities, exploit cloud environments, and deploy ransomware or exfiltrate data. 

Organizations should implement identity-focused approaches applying zero trust principles, continuous access monitoring, strengthened authentication through multi-factor and passwordless solutions, and privilege reduction. 

This comprehensive identity protection approach provides the security foundation organizations need to protect their operations.

Vishwa: In today’s threat environment, what does a unified security platform look like, and how can it help streamline detection, response, and overall cyber resilience across hybrid and multi-cloud systems?

Fabio: Unified security approaches provide organizations with capabilities to stop breaches effectively. Adversaries are increasingly sophisticated, leveraging new technologies to accelerate attacks while overwhelming defenders through coordinated strikes across identity, endpoint, and cloud domains. 

Organizations need unified platforms providing cross-domain visibility to understand system-wide activity and initiate appropriate responses. Single-agent, unified platforms where modules share data and insights power advanced AI that correlates platform-wide activity, delivering machine-speed detection and response capabilities.

Vishwa: Agentic AI and proactive defense models are gaining traction. How do you see AI transforming real-time threat detection and response for organizations to help keep pace with adversaries?

Fabio: Advanced AI systems are transforming threat detection by providing autonomous analysis and response capabilities, acting as genuine force multipliers for security teams. These systems transcend traditional ask-and-respond models, delivering autonomous reasoning and action on comprehensive data sets. 

AI-driven detection systems can validate and prioritize threats with over 98% accuracy, potentially saving security teams up to 40 hours weekly in manual alert processing. This autonomous capability enables organizations to respond to threats at machine speed while freeing human analysts for strategic security initiatives.

Vishwa: Looking ahead, what do you believe will define cloud security over the next 12–18 months? What should organizations prioritize to defend against cloud intrusions? 

Fabio: Cloud intrusions increased 26% in 2024, with valid account abuse being the primary access method. Traditional cloud security approaches using fragmented, bolted-on solutions are insufficient. Organizations need unified cloud security strategies securing applications, identities, infrastructure, workloads, SaaS platforms, and AI from single platforms. 

This approach closes protection gaps while reducing complexity and costs. Organizations should reassess runtime protection, ensure comprehensive cloud environment visibility, and adopt modern cloud detection and response capabilities to effectively detect and respond to cloud-focused threats.


For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: