News

Credential theft continues to remain a significant concern for IT teams as we approach the second half of 2023. The 2023 Verizon Data Breach Investigations Report (DBIR) highlighted that 83% of breaches involved external actors, with a staggering 49% of those incidents involving stolen credentials.

One of the primary reasons why credential theft remains a popular and successful attack route is the value of data to cybercriminals. Financial motivation is a key driving factor behind these attacks. Threat actors employ various techniques, including social engineering and the creation of fake login pages and invoices, to trick users into divulging their credentials or funds. Users, therefore, continue to be the weak link in the security chain.

Verizon’s DBIR also revealed that a significant number of breaches, around 74%, involve some form of human element, such as human error, privilege misuse, or social engineering. Attackers are well-aware of this vulnerability and often employ social engineering techniques like pretexting to deceive users into giving up their credentials. Exploiting human vulnerabilities is often an easier and more direct route into an organization’s systems compared to hacking the technical elements.

Even organizations with robust security budgets are not immune to cyberattacks. Norton Lifelock Password Manager recently experienced a breach where attackers used stolen credentials in a brute-force attack to gain access to customer accounts. Despite Norton’s prompt response and detection of failed logins, the compromised passwords allowed attackers to successfully access customer data. This case underscores the significant threat posed by stolen credentials, as they can be difficult to prevent from being reused across multiple platforms.

Stolen credentials are readily available on online black markets, where large datasets containing hundreds of thousands of compromised credentials are sold at low prices. These markets cater to non-technical threat actors who lack the skills to hack into systems themselves. Recent examples, such as the Genesis Market, also offer “digital fingerprints,” providing additional information and access to attackers beyond just usernames and passwords.

To combat the risk of stolen credentials, IT departments need dedicated tools that can detect compromised passwords. Specops Password Policy with Breached Password Protection, for example, helps users create stronger passwords in Active Directory and blocks the use of over 3 billion compromised passwords. This tool integrates seamlessly with Active Directory and provides informative client feedback to guide users in complying with complex password policies.

Furthermore, Specops Password Auditor enables organizations to scan their Active Directory for compromised passwords already present in their environment. Taking proactive steps to secure passwords and close off easy attack routes can help prevent major compromises in the future.

The post Credential Theft: An Ongoing Challenge for IT Security Teams appeared first on satProviders.