Credential theft happens in several different ways and could indicate a more significant breach, leading to users being locked out of accounts, monetary loss, or attackers elevating their access to critical systems.
Credential theft occurs when malicious actors steal login details and use them to access services or applications and steadily elevate their privileges, or to access bank accounts, e-commerce websites, and other platforms as a customer. In credential-based attacks on customers, credentials stolen in a breach of a financial platform could lead to significant financial losses, while recent attacks on healthcare platforms could result in the loss of Personally Identifiable Information (PII).
Hackers leverage several techniques to gain credential access, including brute force attacks, phishing, site spoofing, or injecting malicious code onto a login or checkout page.
Typically, hackers breach a low-level, less sophisticated server or platform and then use it to access a larger corporation. This approach may also include attacking third-party systems. The goal is to eventually access more critical systems, such as payment or login components, and leave behind a keylogger to capture additional credentials.
The other way credential theft occurs is through individual phishing emails. These phishing emails look like they come from a reputable source and require users to reset their password through a link. The link takes users to a compromised or cloned website (site spoofing) that steals the credentials for later use. As users become aware of these attacks, they are likely to avoid obviously fake website URLs. The real danger comes when a hacker is able to leverage a legitimate domain and URL on which to build the false website, which users are likely to trust. As enterprises grow and expand their online presence, legitimate domain name entries may be abandoned, forgotten, or left open to takeover by malicious actors. Because these domains are still owned by the organization, they imply reputation and trust, so users don’t hesitate to enter sensitive data.
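One way to audit your own DNS zone for the abandoned entries described above, shown as an added example that is not part of the original article. The `Record` type, the `audit_zone` function, the sample zone, and the resolver stub are all hypothetical and constructed for illustration.

```python
import socket
from typing import Callable, Iterable, NamedTuple


class Record(NamedTuple):
    name: str    # hostname in the organization's own zone
    rtype: str   # record type, e.g. "A" or "CNAME"
    target: str  # record value


def system_resolves(host: str) -> bool:
    """True if the host currently resolves through the system resolver."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False


def audit_zone(records: Iterable[Record], owned: Iterable[str],
               resolves: Callable[[str], bool] = system_resolves) -> list:
    """Flag CNAME entries that point at nothing, or at hosts outside `owned`."""
    owned = [s.lower().strip(".") for s in owned]
    findings = []
    for rec in records:
        if rec.rtype.upper() != "CNAME":
            continue
        target = rec.target.rstrip(".").lower()
        in_house = any(target == s or target.endswith("." + s) for s in owned)
        if not resolves(target):
            findings.append((rec.name, target, "dangling"))
        elif not in_house:
            # Resolution alone cannot prove the third-party resource is still
            # provisioned for us, so external targets go to manual review.
            findings.append((rec.name, target, "review-external"))
    return findings


# Constructed sample zone export and resolver stub (reserved example domains).
SAMPLE_ZONE = [
    Record("www.example.com", "A", "192.0.2.10"),
    Record("shop.example.com", "CNAME", "store.vendor.example.net."),
    Record("promo2019.example.com", "CNAME", "old-campaign.vendor.example.net."),
    Record("mail.example.com", "CNAME", "mx.example.com."),
]
SAMPLE_LIVE = {"store.vendor.example.net", "mx.example.com"}

if __name__ == "__main__":
    for finding in audit_zone(SAMPLE_ZONE, ["example.com"], SAMPLE_LIVE.__contains__):
        print(*finding, sep="\t")
```

Entries reported as `dangling` are candidates for removal from the zone; `review-external` entries should be matched against the list of third-party services the organization still uses.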
While enterprises make significant investments in the security of the systems and data they directly manage, they remain vulnerable to additional threats from the vast network of third-party vendors connected to their online presence. The security and data management practices of these third parties are outside the control of the enterprise, with few guarantees of equal protection.
When hackers breach your organization to steal your users’ credentials, you can experience a massive loss of business, money, and trust. Back in 2013, Target’s data breach not only cost them business – customers didn’t want to swipe their credit cards, fearing someone would steal their information – but they also paid an $18.5 million multistate settlement.
Even though PayPal was a leading payment platform, their data breach in 2019 lost them trust and left customers looking for a safer way to shop online.
Also in 2019, five Microsoft servers using the third-party technology, Elasticsearch, were left exposed without protection for almost the entire month of December.
Attackers look for the easiest path to access a large organization in order to gain the highest return on their investment of time.
Eliminate Vulnerabilities: Every breached organization believes it had taken every measure to protect itself, but attackers are still able to discover a crack in its armor – its external attack surface of third-party vendors. With a growing network of third- or fourth-party applications and services comprising your online presence, your organization is exposed to potentially less-secure platforms. Taking a proactive approach to discovering and eliminating these vulnerabilities is the clearest path to preventing potential breaches.
Insider data breaches are on the rise, especially with many employees working through internet browsers on personal devices in a home office. Protecting your employees from credential theft on a personal level will ultimately protect your enterprise, as well.
In 2020, attackers abused employee credentials on Marriott’s third-party guest services vendor platform and accessed 5.2 million guest records.
Secure Employee Devices: While it may be cheaper and more convenient for enterprises to allow a bring-your-own-device program, these devices now expose company information to the credential theft risk of their employees. If a computer or cell phone is hacked or stolen, attackers will be able to access the business information, as well.
Teach Employees to Recognize Phishing: Even with security on your devices and emails, anyone can pretend to be the CEO and request sensitive data, or in Twitter’s case, access login details for high-profile accounts to promote a bitcoin scam. Don’t leave your information up to human error. Continually teach and remind employees about the dangers of phishing emails, so they recognize them when they see them.