What Are Compromised Credentials?
Credentials, such as usernames and passwords, are compromised when an unauthorized user gains possession of them. They are the most common cause of security incidents, triggering 19% of breaches in 2022. The chronic nature of these attacks is perhaps unsurprising given the increasing digitization of business operations; users' weak, recycled passwords; and the high value placed on compromised credentials on the cyber underground.
Compromised credentials give threat actors an easy entry point into your network, from which they can install malware and sell or destroy your data. Because the consequences of a compromised credential attack harm both stakeholder trust and the bottom line, organizations must seek strategies for protecting themselves against these attacks.
How Are Credentials Compromised?
Compromised credentials provide threat actors with the keys to the kingdom. The value of these credentials is so high that threat actors are relentless in exploiting this attack vector. Some of the most prevalent methods used are:
Phishing and Social Engineering
This is a cost-effective and efficient attack vector. Threat actors contact employees and trick them, for example by pretending to be a trusted entity or using emotional appeals, into clicking a malicious link or divulging sensitive information.
Brute Force Attacks
Threat actors use tools that automatically generate candidate passwords, which they then work through by trial and error to gain access to the user account. Users with short or simple passwords are particularly vulnerable to this attack vector.
Insider Threats
Sometimes employees innocently expose credentials by not following security protocols; at other times, disgruntled employees may deliberately steal information and sell it for financial gain or revenge.
Malware
Malware installed on the network can capture credentials without the organization's knowledge. Keyloggers, for example, record keystrokes, while other malware takes screenshots of login pages and more, giving threat actors the information they need to steal account information.
What Can You Do to Protect Against Compromised Credentials?
Training staff to recognize phishing scams and other social engineering attacks makes it far harder for threat actors to deceive employees. Company-wide use of a VPN, so that all internet traffic is encrypted, also defends against man-in-the-middle attacks.
Enforcing a password policy or using a password manager that generates unique and complex passwords for each account will reduce the risk of compromised credentials.
When insider threats are a risk to a company, tools that analyze users’ behaviors within a network and flag unusual actions can be helpful to quickly identify potential attackers and limit the damage they seek to cause.
Add extra steps to your login process to limit the usefulness of compromised credentials and, with it, their value on the cyber underground. By requiring users to enter a dynamic second factor, such as a code generated by an authentication app, you defeat attacks that rely on stolen credentials alone.
What Can Intel 471 Do?
We continuously monitor the cyber underground for relevant compromised credentials and alert your organization as soon as they hit the marketplace; the sooner you know about an issue, the sooner you can act to rectify it. Our platform also lets you distinguish newly compromised credentials from older releases that have been repackaged for resale, so you can escalate your incident response to the appropriate level.
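The new-versus-repackaged distinction described above, as an added example that is not Intel 471's own code: each compromised-credential alert is compared against a store of keyed fingerprints of pairs already handled, so a repackaged dump is triaged low while a genuinely new exposure is escalated. The store layout, status names, secret key and sample alerts are assumptions constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed secret: keyed hashing means the store never holds plaintext
# passwords and cannot be matched against other dumps offline if it leaks.
FINGERPRINT_KEY = b"example-key-load-this-from-a-vault-in-production"


def fingerprint(username: str, password: str) -> str:
    """Keyed hash of one credential pair; usernames are normalised to lower case."""
    message = f"{username.strip().lower()}\x00{password}".encode()
    return hmac.new(FINGERPRINT_KEY, message, hashlib.sha256).hexdigest()


@dataclass
class Verdict:
    username: str
    status: str    # "new", "repackaged" or "new_password"
    priority: str  # "high" or "low"


def triage(alerts, seen):
    """Classify (username, password) alerts against `seen`, a dict mapping a
    lower-cased username to the set of fingerprints already handled.
    `seen` is updated in place so the next batch is compared against this one."""
    verdicts = []
    for username, password in alerts:
        user = username.strip().lower()
        fp = fingerprint(user, password)
        history = seen.setdefault(user, set())
        if fp in history:
            # Identical pair seen before: an old release repackaged for resale.
            verdicts.append(Verdict(user, "repackaged", "low"))
        elif history:
            # Known account, unseen password: the replacement password is now
            # exposed too, so treat it as a fresh compromise.
            verdicts.append(Verdict(user, "new_password", "high"))
        else:
            verdicts.append(Verdict(user, "new", "high"))
        history.add(fp)
    return verdicts


def run_example():
    """Constructed alerts: a first batch, then a resale that re-bundles one pair
    alongside a new password for a known account and a never-seen account."""
    seen = {}
    batch1 = [("alice@example.com", "Winter2022!"), ("bob@example.com", "hunter2")]
    batch2 = [("Alice@Example.com", "Winter2022!"),  # same pair, different casing
              ("bob@example.com", "hunter3"),        # bob's rotated password leaked
              ("carol@example.com", "letmein")]      # account not seen before
    return triage(batch1, seen), triage(batch2, seen)


if __name__ == "__main__":
    for batch in run_example():
        for v in batch:
            print(f"{v.username:20} {v.status:13} priority={v.priority}")
```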
Use our coverage of the underground to set watchers for credentials specific to your organization including employees, VIPs, and customers so you can take action to mitigate against risks such as account takeover (ATO) and malware infestations.
Intel 471 is able to locate compromised credentials from sources unique to our research capability, including access-restricted forums, threat actors, and machine and malware sources. This expansive insight into the world of threat actors enables us to alert you as soon as relevant credentials are identified, so you can respond as fast as possible.
Using our CTI, Intel 471 can track where compromised credentials originated, who sold them, and how they were obtained. Organizations can use this intelligence to build a proactive defense and disrupt future attacks aimed at them.
No-one knows the cyber underground better. Intel 471 provides unique Cyber Threat Intelligence (CTI) by augmenting automatic collection with a global network of analysts. The following capabilities allow us to swiftly help our customers defend against attacks stemming from compromised credentials: