The new cybersecurity company's solution is available as a device-native service, a mobile app, browser-based, and via a developer-focused API. Credit: Gerd Altmann Cybersecurity company Circle Security has emerged from stealth with the release of a new platform “purpose-built” to protect against credential-driven threats and cloud attacks. Powered by a decentralized architecture, Circle is available as a device-native service, a mobile app, a browser-based solution, and via a developer-focused API, according to the firm.Circle Security boasts an impressive advisory board featuring several high-profile cybersecurity thought leaders including Bruce Schneier, Lucia Milica, global CISO of Proofpoint, and Eric Liebowitz, CISO of Thales Group.Credential-driven data breaches are the biggest threat vector for most companies. Cybercriminals are prioritizing stolen credentials for use in attacks, with weak credentials significant contributors to cloud security risks. Meanwhile, access brokers – criminal groups that sell stolen access credentials – have become a key component of the eCrime threat landscape. Circle platform offers “new level of security” against phishing, credential-stealing attacksCircle’s decentralized platform ensures secure access to cloud data and applications while protecting data during sign-in and throughout the user journey, no matter where the data travels, the company said in a press release. “The result is that enterprises can now rely on a single platform to secure access to sensitive data and protect it from exposure with full visibility and control on whichever user devices it resides,” it added. Circle cryptographically unifies the capabilities of device trust, data access, and data protection into a unified platform capable of preventing credential-driven attacks and cloud compromise, the firm claimed. By reducing the user’s capability to authenticate on their own, the system provides a new level of security against phishing and other credential-stealing attacks, according to Schneier. Circle is available in Base, Standard, and Premium options, each priced accordingly.Credential-focused cyberattacks plague organizations, empower cybercriminal activityCredential-focused cyberattacks are plaguing organizations and empowering cybercriminal activity. Last year, threat actors exposed or stole 22.62 billion credentials and personal records, ranging from account and financial information to emails and US Social Security numbers, according to a recent report from Flashpoint. “The proliferation of illegally obtained data gives threat actors ample opportunities to circumvent organizational security measures and controls – empowering ransomware groups like LockBit to hold data for ransom, or sell or expose it on illicit markets,” the report read. Cybercriminals are doubling down on stolen credentials, demonstrating a clear demand for access broker services. There was a 112% year-over-year increase in advertisements for access broker services identified last year compared to 2021, with more than 2,500 advertisements for access detected across the criminal underground, according to the CrowdStrike 2023 Global Threat Report. There was also a notable shift away from malware use related to adversaries’ prolific abuse of valid credentials to facilitate access and persistence in victim environments, the research found.What’s more, weak credentials contribute significantly to persistent cloud security risks. The latest Unit 42 Cloud Threat Report found that 76% of organizations don’t enforce MFA for console users, 58% don’t enforce MFA for root/admin users, and 57% don’t enforce symbols in passwords. Related content brandpost Sponsored by Cyber NewsWire LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely from Any Browser, Anywhere Early adoption by Fortune 100 companies worldwide, LayerX already secures more users than any other browser security solution and enables unmatched security, performance and experience By Cyber NewsWire May 02, 2024 4 mins Cyberattacks Security news Iranian hackers harvest credentials through advanced social engineering campaigns Mandiant observed several malicious campaigns with threat actors impersonating journalists and harvesting the victim’s cloud environment credentials. By Shweta Sharma May 02, 2024 4 mins Hacker Groups Social Engineering news Dropbox Sign hack exposed user data, raises security concerns for e-sign industry The names and email addresses of those customers were also exposed who had never created an account with Dropbox Sign but had “received or signed a document through Dropbox Sign.” By Gyana Swain May 02, 2024 5 mins Data Breach news UnitedHealth hack may impact a third of US citizens: CEO testimony Despite paying a $22 million ransom in Bitcoin to regain access to encrypted files, the company cannot confirm whether copies of the data were made or published online. By Prasanth Aby Thomas May 02, 2024 4 mins Data Breach Ransomware Hacking PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe