January 2025 Newsletter

Welcome back to our monthly newsletter! We’re excited to get rolling in 2025 — and there’s already lots of identity security news to discuss. Let’s get started.

Threats under the microscope

What do the recent developments in AI mean for identity attacks??

We’re kicking off with a longer than usual read on all the AI hype we’re experiencing at the moment. Don’t leave yet, we promise it'll be nuanced and FUD-free.

A word about DeepSeek: DeepSeek, a Chinese LLM shaking up the status quo in the AI and tech markets, has grabbed most of the headlines in the last couple of weeks for its impressive capabilities, concerns over its affiliation with the Chinese state, and a slew of vulnerability disclosures as security researchers turn their attention to it (like DeepSeek publicly exposing two databases containing sensitive user and operational information).??

More of the same? We won’t be adding more noise to this situation or speculating as to its risk profile. Like the seismic launch of ChatGPT (and the host of GenAI apps that followed), the same risks apply. Though it does appear that DeepSeek has more than a few security holes, this isn’t necessarily any different to the myriad AI apps in circulation — which most organizations don’t realize are already in use among their workforce.?

How to think about the risks: To date, the impact of AI on cyber attacks has been seriously overhyped. Realistically, AI has been used to do two things: write better, quicker phishing emails, and assist in the creation of malicious code/tools. Both still require significant human input and oversight at every step. To achieve more sophisticated automation, attackers need to tie together automated browsers, get bot protection bypasses working, write code to extract screenshots from these browsers, pump those screenshots into a traditional LLM, generate response actions, and write code to execute those actions using browser automation. Lots of manual work, with constant maintenance required.

What we’re paying attention to: What is potentially more significant is the development of a new kind of AI agent — Computer-Using Agents (CUAs) — like OpenAI’s Operator.?CUAs are a new type of AI agent that drives your browser/OS for you. These tools are essentially no-code automation platforms, enabling low-cost, low-effort automation of common web tasks — including those frequently performed by attackers.

The development of Computer-Using Agents like OpenAI's Operator has the potential to have a much bigger impact on cyber attacks than LLMs like DeepSeek.

What makes CUAs different: Unlike other typical automation platforms, they interact with the same UI, and perform actions in the same way, as a typical human user — rather than using code or API-based methods. CUAs use LLMs trained on datasets that make them far more able to understand and interact with web pages. Coupled with what is essentially a production-grade integration between browser and LLM, and you have an agent that is able to understand and interact with websites with minimal input (as opposed to simply scraping the data) with much the same behaviors and capabilities as a human operator.

So what? Previously, identity attacks against modern SaaS environments and the sprawl of apps and accounts required a lot of manual work to scale. Because web identities are implemented in mostly bespoke ways across thousands of sites, attacks on them are challenging to automate, and thwarted by widespread bot protection — specifically to prevent malicious automation. So, attackers end up sending phishing links through email, targeting only a few high-value apps for cred stuffing — despite the availability of credentials online (which, as the Snowflake attacks demonstrate, can be very useful for attackers).

An example use case: Using stolen credentials at scale has never been easier with CUAs. Simply ask it to:

• “Find a list of the top 1000 SaaS apps.”?
• “Try to log in to the app using this username and password. Let me know which apps you successfully logged in to.”?
• “Use takeout services to download data from each app and send it to this location, grouping by company name” (or even just ask the model to cut and paste or download the data from the account).

Increasing risk of account takeover beyond the mailbox: Adoption of CUAs has the potential to significantly lower the cost to attackers of running identity attacks such as phishing and credential stuffing, while increasing their reach. We can expect to see phishing attacks being increasingly delivered outside of traditional (well-protected) mediums like email, and credential stuffing being weaponized on an even wider scale, across a broader range of apps. These capabilities will also become more accessible, with even less advanced attackers able to harness them.

Adoption of CUAs has the potential to significantly lower the cost to attackers of running identity attacks such as phishing and credential stuffing, while increasing their reach.

To read our thoughts in full, check out the latest blog post from our CPO, Jacques Louw.

Managing the risk posed by AI tools in your organization

It’s understandable that organizations are nervous about the use of AI tools. The primary concern is sensitive data or secrets being uploaded to the LLM, which in turn becomes part of the dataset, potentially resulting in this information being inadvertently exposed — either because the LLM is malicious, through prompt injection / jailbreak attacks on the model, or because of security flaws in the implementation.

If you do want to clamp down on unauthorized AI use, you should also be wary of privately hosted LLMs available through platforms like HuggingFace (which DeepSeek is also available through) — which last year reportedly hosted hundreds of malicious AI models. DeepSeek aside, you may be surprised by what your employees are already doing.?

We can help you with that …

Whenever there’s a new tool in the headlines (which happens weekly) the question that IT and security teams get is “are we using this thing?"

You can use Push to detect what apps are being used across your organization, showing you who is using it, when, and how — as well as applying in-browser controls guiding users to use the app safely, or blocking it entirely.?

Watch the video below to see it in action ??

And if you want to read more about our app banners feature, check out our blog post.

In the news

We’ll keep it brief, but the first identity-based breaches of the year have already started to roll in, with SaaS platforms being targeted using compromised credentials.?

December PowerSchool breach continues to unfold, highlighting SaaS platform risk

What happened: PowerSchool, a cloud-based software solutions provider for K-12 schools and districts that supports over 60 million students and over 18,000 customers worldwide, has started notifying individuals in the U.S. and Canada whose personal data was exposed in a late December 2024 cyberattack. Threat actors gained access to a community-focused customer support portal, PowerSource, using compromised credentials and stole data using an "export data manager" customer support tool. The stolen data primarily contains contact details such as names and addresses. However, for some districts, it could also include Social Security numbers (SSNs), personally identifiable information (PII), medical information, and grades.

Push’s perspective: This is another classic example of stolen credentials being used by attackers to achieve systemic compromise for minimal effort. The attack follows a similar pattern to previous headline breaches in that the attacker simply logged in and dumped the data they could access … It's too easy. There are clear similarities with the Snowflake attack path — except in this case, the attacker could access data belonging to many parties with a single set of credentials.?

Otelier SaaS hotel management breach platform impacts top hotel brands and customers

What happened: Hotel management platform Otelier suffered a data breach after threat actors breached its Amazon S3 cloud storage to steal millions of guests' personal information and reservations for well-known hotel brands like Marriott, Hilton, and Hyatt. The threat actors initially hacked the company's Atlassian server using an employee's login. These credentials were stolen through information-stealing malware.?

Push’s perspective: Stolen credentials and infostealer malware crop up again! We’re seeing a pattern forming with attackers targeting commonly-used cloud services like Atlassian/Jira — for example, Telefonica recently disclosed a Jira breach using compromised credentials, and Schneider Electric was impacted by a similar attack in November last year. Competing platforms are likely to come under scrutiny too as a result.?

—

What we’ve been up to

Our VP R&D, Luke Jennings, appeared on the Risky Business podcast to discuss his research on Cross-IdP Impersonation and Verification Phishing. You can check out a video excerpt below or get the full episode here (I recommend listening to the segment on the PowerSchool breach that we discussed earlier).?

We’ve had a reflective month, looking back at the identity-based breaches of 2024 and how our product roadmap was shaped by identity attacks through last year. Well worth a read!

?? Thanks for sharing your week with us. Please invite your friends to sign up.