
Cybersecurity Expert Discusses Evolution of Identity-Driven and Browser-Based Threats
The video features a cybersecurity discussion with Adam Bateman, founder of Push Security, on the evolution of identity-driven attacks and browser-based threats. Attackers increasingly bypass identity providers (IdPs) by exploiting local admin passwords or by tricking users into logging in with Google/Microsoft accounts outside SSO. Phishing has shifted from email to browser-based attacks such as "ClickFix" (tricking users into pasting malicious commands) and "ConsentFix" (combining ClickFix with OAuth consent phishing to compromise Azure).

High-profile groups such as Scattered Spider, Lapsus$, and ShinyHunters use these techniques, targeting organizations through legitimate SaaS apps (e.g., Microsoft Dynamics, DocuSign) or hijacked LinkedIn accounts to distribute phishing links. The conversation highlights that 40% of SaaS applications in organizations are "shadow IT": tools like ChatGPT and Zapier are often used outside IdP controls, which lets attackers move laterally into Slack or Teams.

Browser security is identified as a critical blind spot. Modern attacks execute entirely within the browser, with no malware or network compromise required, while traditional defenses like WAFs and EDR struggle to detect these identity-centric threats. Adam’s background in red teaming informs Push Security’s focus on browser-native detection, which addresses gaps left by secure web gateways (SWGs) and legacy email security. The discussion underscores the need for visibility into browser-based identity interactions, as attacks now exploit the architectural shift to cloud-first workflows.