Rise in Cyber Attacks Using Stolen Credentials Reported
Quick take - Cyber threat actors are increasingly using stolen credentials, often obtained through stealer logs, as a primary method for breaching systems, highlighting the need for organizations to enhance their cybersecurity measures.
Fast Facts
- Cyber threat actors are increasingly logging in with stolen credentials, largely sourced from stealer logs, rather than exploiting software vulnerabilities or brute-forcing passwords.
- Stolen credentials were involved in 80% of data breaches, highlighting the significant risk posed by identity-based attacks.
- Common credential harvesting methods include phishing and social engineering; 45% of remote workers reuse the same password for work and personal accounts, so one leaked password often unlocks several systems.
- Notable breaches, such as those involving Snowflake, MGM Resorts, and Okta, demonstrate the severe consequences of compromised credentials.
- Organizations are urged to implement stronger password practices, Multi-Factor Authentication (MFA), and continuous monitoring of the Dark Web to mitigate risks.
The Rise of Stolen Credentials in Cybersecurity Breaches
In recent years, cyber threat actors have increasingly adopted stolen credentials as their primary way into target systems, in preference to traditional hacking techniques such as exploiting software vulnerabilities or brute-forcing passwords. A login with a valid username and password, or a valid session cookie, needs no exploit and looks like ordinary user activity to most controls, which is exactly why it is attractive.
The Role of Stealer Logs
A significant driver of this trend is the use of stealer logs: the output of infostealer malware running on an infected endpoint, bundled per victim as saved browser passwords, cookies, session tokens, and often form-fill data and system details. Because session cookies and tokens are included, a log can hand an attacker a working authenticated session without the password and without triggering an MFA prompt. Stealer logs are traded in bulk on the Dark Web. The article cites the 2024 Verizon Data Breach Investigations Report (DBIR) for the figure that stolen credentials were involved in 80% of data breaches, underscoring the critical challenge these identity-based attacks pose for organizations. Research indicates that 62% of interactive intrusions involve the abuse of valid accounts.
The financial impact of data breaches is substantial, with IBM reporting an average cost of $4.24 million per incident. The threat landscape is further complicated by a 160% increase in attempts to gather secret keys and credentials through cloud instance metadata APIs. These endpoints (for example the EC2 instance metadata service at 169.254.169.254) hand temporary role credentials to any code that can reach them from inside the instance, so a server-side request forgery bug or a compromised workload is enough to harvest cloud credentials without ever touching a password.
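To make the metadata-API point concrete, the following is an added example written for this page (it is not code from the original article or from any cloud provider): a small model of the EC2 instance metadata request flow in IMDSv1 and IMDSv2 mode, with a GET-only SSRF primitive tried against both. The paths and header names are the real IMDS ones; the role name, credential values and the token are constructed placeholders, and nothing here contacts a real metadata endpoint.

```python
"""Added example: why IMDSv2 blunts credential theft via the metadata API.

Stand-alone model of the EC2 Instance Metadata Service (IMDS) request flow.
Does not talk to a real endpoint; ROLE_NAME, ROLE_CREDS and the session
token are constructed placeholders. Paths and header names are the real ones.
"""
import secrets
import time

# Constructed placeholders, not real credentials.
ROLE_NAME = "web-app-role"
ROLE_CREDS = {
    "AccessKeyId": "ASIAEXAMPLE000000000",
    "SecretAccessKey": "constructed-secret-for-example",
    "Token": "constructed-session-token",
}
CREDS_PATH = f"/latest/meta-data/iam/security-credentials/{ROLE_NAME}"
TOKEN_HDR = "X-aws-ec2-metadata-token"
TTL_HDR = "X-aws-ec2-metadata-token-ttl-seconds"


class MetadataService:
    """Models the metadata endpoint at 169.254.169.254.

    require_token=False -> IMDSv1 behaviour: a plain GET returns data.
    require_token=True  -> IMDSv2 only (http-tokens=required): every GET
                           must carry a session token obtained via PUT first.
    """

    def __init__(self, require_token: bool):
        self.require_token = require_token
        self._tokens = {}  # token -> expiry (epoch seconds)

    def handle(self, method: str, path: str, headers=None):
        headers = {k.lower(): v for k, v in (headers or {}).items()}
        if method == "PUT" and path == "/latest/api/token":
            ttl = int(headers.get(TTL_HDR.lower(), 0))
            if not 1 <= ttl <= 21600:  # IMDSv2 accepts a TTL of 1..21600 s
                return 400, "bad ttl"
            tok = secrets.token_urlsafe(32)
            self._tokens[tok] = time.time() + ttl
            return 200, tok
        if method != "GET":
            return 405, "method not allowed"
        tok = headers.get(TOKEN_HDR.lower())
        if self.require_token:
            if tok is None:
                return 401, "token required"
            if self._tokens.get(tok, 0) < time.time():
                return 401, "token expired or unknown"
        if path == CREDS_PATH:
            return 200, ROLE_CREDS
        if path == "/latest/meta-data/iam/security-credentials/":
            return 200, ROLE_NAME
        return 404, "not found"


def ssrf_get_only(svc: MetadataService, path: str):
    """A typical SSRF primitive: the attacker controls a URL that the app
    fetches with a plain GET and cannot set the method or headers.
    Returns the leaked body, or None if the request was rejected."""
    status, body = svc.handle("GET", path)
    return body if status == 200 else None


def legitimate_sdk_fetch(svc: MetadataService):
    """What an SDK on the instance does under IMDSv2: PUT for a session
    token, then GET with the token header."""
    status, tok = svc.handle("PUT", "/latest/api/token", {TTL_HDR: "21600"})
    if status != 200:
        return None
    status, body = svc.handle("GET", CREDS_PATH, {TOKEN_HDR: tok})
    return body if status == 200 else None


if __name__ == "__main__":
    v1 = MetadataService(require_token=False)
    v2 = MetadataService(require_token=True)
    print("IMDSv1, GET-only SSRF :", ssrf_get_only(v1, CREDS_PATH))
    print("IMDSv2, GET-only SSRF :", ssrf_get_only(v2, CREDS_PATH))
    print("IMDSv2, SDK flow      :", legitimate_sdk_fetch(v2))
```

The GET-only request succeeds against the v1 service and is refused by the v2 service, because the token can only be minted with a PUT carrying a TTL header, which common SSRF primitives cannot issue. On real instances the equivalent hardening is `aws ec2 modify-instance-metadata-options --instance-id <id> --http-tokens required`; the default PUT response hop limit of 1 additionally stops the token request from being relayed through a container or proxy.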
Common Credential Harvesting Methods
Common methods for harvesting credentials include phishing and social engineering. Poor password practices multiply the damage of a single successful phish or stealer infection: 45% of remote workers are reported to reuse the same password across work and personal accounts, so a password captured from a personal site is frequently also a working corporate password.
Stealer logs are produced by infostealer malware, which is typically delivered through phishing campaigns, malicious downloads, or trojanised software. The consequences range from unauthorized access to sensitive data to service disruption. The Snowflake incident shows the pattern: attackers logged into Snowflake customer accounts with credentials taken from infostealer logs, some of them harvested years earlier and never rotated, and the affected accounts had no Multi-Factor Authentication (MFA) enabled. Other significant breaches, including those involving MGM Resorts and Okta, further illustrate the role of compromised credentials in major security incidents.
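The practical question for a defender who obtains a stealer log (whether from a monitoring vendor or a takedown) is which of its entries matter. The script below is an added example written for this page, not code from the original article or from SOCRadar: it parses a log in the plain-text layout many stealer families emit (`URL / Username / Password` blocks plus a Netscape-format cookie file), flags accounts in the organization's domains or SaaS tenants for reset, detects the password reuse discussed above, and lists still-valid corporate session cookies that must be revoked. The log contents, domains, accounts and secrets are all constructed for the example.

```python
"""Added example: triaging a stealer log for an organization's exposure.

The log text is constructed for this page in the plain-text layout commonly
seen in infostealer output. Domains, usernames, passwords and cookie values
are invented; "example-corp" is a hypothetical organization.
"""
import hashlib
import re
import time
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample of a "Passwords.txt"-style dump.
PASSWORDS_TXT = """\
URL: https://sso.example-corp.com/login
Username: jdoe@example-corp.com
Password: Winter2024!
Application: Google Chrome

URL: https://mail.google.com/
Username: jdoe.home@gmail.com
Password: Winter2024!
Application: Google Chrome

URL: https://example-corp.snowflakecomputing.com/
Username: analytics_svc
Password: 5n0wfl@ke-demo
Application: Google Chrome

URL: https://shop.example.net/account
Username: jdoe.home@gmail.com
Password: Summer2023!
Application: Google Chrome
"""

# Constructed Netscape cookie file: domain, include_subdomains, path,
# secure, expiry (epoch seconds), name, value.
COOKIES_TXT = """\
.example-corp.com\tTRUE\t/\tTRUE\t1893456000\tsession_id\tconstructed-cookie-1
.gmail.com\tTRUE\t/\tTRUE\t1893456000\tSID\tconstructed-cookie-2
"""

# Domains the organization owns plus the hostnames of its SaaS tenants.
WATCH_DOMAINS = {"example-corp.com", "example-corp.snowflakecomputing.com"}

BLOCK_RE = re.compile(
    r"URL:[ \t]*(?P<url>\S+)[ \t]*\n"
    r"Username:[ \t]*(?P<user>[^\n]*)\n"
    r"Password:[ \t]*(?P<pw>[^\n]*)"
)


def parse_passwords(text):
    """Return (url, username, password) triples from the password dump."""
    return [(m["url"], m["user"].strip(), m["pw"].strip())
            for m in BLOCK_RE.finditer(text)]


def parse_cookies(text):
    """Return (domain, cookie name, expiry) from a Netscape cookie file."""
    out = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) == 7 and not line.startswith("#"):
            out.append((parts[0].lstrip("."), parts[5], int(parts[4])))
    return out


def in_scope(host, watch_domains):
    return any(host == d or host.endswith("." + d) for d in watch_domains)


def triage(passwords, cookies, watch_domains, now=None):
    """Produce the three lists a SOC acts on: accounts to reset, password
    reuse groups (sites sharing one password), and live corporate session
    cookies to revoke. Passwords are reduced to a fingerprint so the report
    never carries plaintext secrets."""
    now = time.time() if now is None else now
    report = {"reset": set(), "reuse": [], "revoke_sessions": []}
    sites_by_fp = defaultdict(set)
    for url, user, pw in passwords:
        host = urlparse(url).hostname or ""
        user_domain = user.rsplit("@", 1)[1] if "@" in user else ""
        if in_scope(host, watch_domains) or in_scope(user_domain, watch_domains):
            report["reset"].add(user)
        fp = hashlib.sha256(pw.encode()).hexdigest()[:16]
        sites_by_fp[fp].add(host)
    # A password seen on more than one site is reused; a leak of the
    # personal site then exposes the corporate one (and vice versa).
    report["reuse"] = sorted(sorted(h) for h in sites_by_fp.values() if len(h) > 1)
    for domain, name, expiry in cookies:
        if in_scope(domain, watch_domains) and expiry > now:
            report["revoke_sessions"].append((domain, name))
    return report


if __name__ == "__main__":
    result = triage(parse_passwords(PASSWORDS_TXT), parse_cookies(COOKIES_TXT), WATCH_DOMAINS)
    for key, value in result.items():
        print(f"{key}: {value}")
```

Note that the cookie list is as important as the password list: a valid `session_id` for the corporate SSO lets the attacker in even after the password is changed, so the response must invalidate sessions, not only reset passwords.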
Combating the Threat of Stolen Credentials
Cybercriminals known as Initial Access Brokers (IABs) have emerged as a distinct link in this chain: they buy or harvest stealer logs, validate the credentials, and resell working access to compromised systems to ransomware operators and other actors. Advertisements for such access have increased by 147%. Stealer logs are versatile tools in the hands of these actors, facilitating a range of malicious activities from identity theft to ransomware deployment and privilege escalation.
To combat these threats, organizations are encouraged to adopt stronger password hygiene practices and to implement robust authentication measures such as MFA and Single Sign-On (SSO). Because stealer logs also carry session cookies and tokens, the response to an exposed account cannot stop at a password reset: active sessions must be revoked, and phishing-resistant MFA methods are preferable to codes that can be relayed. Continuous monitoring of the Dark Web for exposed credentials is crucial. SOCRadar offers Advanced Dark Web Monitoring services to help organizations identify compromised assets, mitigating risks associated with stolen credentials. Additionally, SOCRadar's Free Dark Web Report provides insight into an organization's exposure on the Dark Web, including the severity of threats, employee credentials at risk, and data available for sale in black markets.
Addressing these vulnerabilities proactively is essential for enhancing identity security. Safeguarding sensitive information in an increasingly perilous digital landscape is a priority for organizations.
Original Source: Read the Full Article Here