Stolen credentials are a major concern in the world of cybersecurity, with statistics showing that they were the top attacker action in 2023/24 and the breach vector for 80% of web app attacks. Despite organizations spending almost $1,100 per user on cybersecurity budgets, stolen credentials can still be purchased for as little as $10 on criminal forums. This disconnect highlights the urgency for better solutions to combat this growing threat.
Identity attacks are on the rise, with recent incidents such as the Snowflake breach impacting numerous organizations and individuals. These attacks, often fueled by stolen credentials lacking multi-factor authentication (MFA), have led to massive data breaches and ransom demands. Throughout 2024, numerous high-profile organizations fell victim to similar attacks, showcasing the prevalence and severity of the issue.
The use of stolen credentials remains a persistent problem in cybersecurity, despite efforts to implement MFA. Research has shown that many accounts with passwords as the sole login method lack MFA, leaving them vulnerable to attacks. The shift to third-party apps and services has also created more targets for attackers, leading to a continuous cycle of data breaches and compromised credentials.
The rise of infostealer malware has significantly contributed to the increase in credential-based attacks. These sophisticated tools are continuously evolving to evade detection controls and are capable of stealing a wide range of credential data. Criminal forums on the clearweb and darkweb offer a marketplace for these stolen credentials, creating a lucrative business for cybercriminals.
Modern working arrangements and the prevalence of password reuse have further exacerbated the issue of stolen credentials. With a large number of apps being used by organizations and the ease of accessing personal and corporate accounts, attackers have ample opportunities to exploit vulnerabilities. As the landscape of cyber threats continues to evolve, it is crucial for security teams to stay vigilant and implement robust measures to protect against stolen credential-based attacks.
The modern identity attack landscape has evolved significantly in recent years, presenting new challenges for security teams. Previously, security and IT teams had control over their Active Directory universe, allowing them to detect threats and monitor passwords. However, with the shift towards online operations and the use of managed and unmanaged SaaS applications, visibility into identity posture has become limited. Most organizations struggle to identify all accounts and apps in use across the business.
Unlike traditional network-based attacks, modern identity attacks follow a more direct path, targeting online accounts. Attackers only need to compromise an account to access and exfiltrate data from the app, making detection and response more challenging. Traditional security tools are ill-equipped to prevent malicious activity within apps, and the lack of robust SaaS logging further complicates the situation.
Threat intelligence on stolen credentials is abundant, but separating true positives from false positives remains a challenge for security teams. Push Security recently found that less than 1% of suspected stolen credentials were actually in use by employees, highlighting the difficulty of accurately identifying compromised accounts. To effectively leverage threat intelligence, security teams need a new approach to securely observe and match passwords found in credential feeds.
To prevent account takeover from stolen credentials and MFA gaps, security teams can adopt a modern approach using browser telemetry. Push Security offers a browser-based ITDR platform that deploys a browser agent to employee browsers, enabling real-time monitoring of credentials and security controls to prevent account takeovers. By correlating suspected stolen credentials with those in use by employees, security teams can identify and address high-risk vulnerabilities proactively.
Overall, the changing landscape of identity attacks requires security teams to adapt their strategies and tools to effectively protect against account takeovers. By leveraging browser telemetry and advanced security controls, organizations can strengthen their defenses and mitigate the risks associated with stolen credentials and malicious activity.
Push utilizes salting and hashing to create fingerprints for customer-supplied credential data, allowing for comparison to password fingerprints observed by relevant browser agents. If a stolen credential fingerprint matches a known credential fingerprint in use by the Push browser agent, a validated true positive alert is generated. These alerts can be received through webhooks, messaging platform notifications, or in the Push admin console.
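An added illustration of the salted-fingerprint matching idea described above; it is not Push's code or algorithm. The PBKDF2 parameters, the per-account salt derivation, the record layout and all sample data are assumptions made for this example.

```python
import hashlib
import hmac

# Assumption: one secret salt per tenant, known to the agent and the matcher.
TENANT_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed value

def normalize(email: str) -> str:
    return email.strip().lower()

def fingerprint(email: str, password: str) -> bytes:
    """Salted, slow hash of a password, bound to the account it belongs to."""
    # Per-account salt: the same password on two accounts yields two fingerprints.
    salt = hmac.new(TENANT_SALT, normalize(email).encode(), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def observe(email: str, app: str, password: str) -> dict:
    """What the agent side reports: a fingerprint, never the password itself."""
    return {"email": normalize(email), "app": app, "fp": fingerprint(email, password)}

def match_feed(feed, observed):
    """Return validated alerts: feed credentials whose fingerprint is in use."""
    by_email = {}
    for rec in observed:
        by_email.setdefault(rec["email"], []).append(rec)
    alerts = []
    for email, leaked_password in feed:
        candidates = by_email.get(normalize(email), [])
        if not candidates:
            continue  # account never seen in use: nothing to validate
        leaked_fp = fingerprint(email, leaked_password)
        for rec in candidates:
            if hmac.compare_digest(leaked_fp, rec["fp"]):  # constant-time compare
                alerts.append({"email": rec["email"], "app": rec["app"]})
    return alerts

# Constructed sample data (not real credentials).
OBSERVED = [
    observe("alice@example.com", "crm.example", "Tr0ub4dor&3"),
    observe("alice@example.com", "wiki.example", "correct horse battery"),
    observe("bob@example.com", "crm.example", "Tr0ub4dor&3"),
]
FEED = [
    ("Alice@Example.com", "Tr0ub4dor&3"),  # still in use: true positive
    ("bob@example.com", "Summer2019!"),    # stale password: false positive
    ("carol@example.com", "hunter2"),      # unknown account: ignored
]

if __name__ == "__main__":
    for alert in match_feed(FEED, OBSERVED):
        print("validated stolen credential:", alert)
```

Only the feed entry whose password is still in use on an observed account produces an alert; the stale and unknown entries are dropped without any plaintext password being stored on the matching side.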
In addition to detecting stolen credentials, Push can help organizations close multi-factor authentication (MFA) gaps. By analyzing MFA registration status and methods used by users across various apps, Push can guide users to register MFA for different applications using in-browser controls. This proactive approach enhances security by increasing MFA adoption even on unmanaged apps.
In a scenario where a SaaS breach is announced, Push enables quick investigation of the impact. Users can check if the Push extension has observed employee usage of the breached app, assess MFA status and methods for affected accounts, and identify any security issues with passwords. Enforcement controls can be configured to prompt employees lacking MFA to set it up when accessing the app, further strengthening security measures.
By combining alerting for stolen credentials with the ability to increase MFA adoption, Push offers security teams a powerful toolkit for preventing account takeovers. The platform’s features provide visibility and control over MFA registration and password security, ensuring a proactive defense against identity attacks.
To learn more about identity attacks and how to mitigate them, organizations can explore Push Security and try out their browser-based agent for free.
As we navigate through the complexities of the digital age, it’s becoming increasingly important to protect our online privacy. With the constant threat of cyber attacks and data breaches, safeguarding our personal information is crucial to maintaining our security. One of the most effective ways to do this is by using strong and unique passwords for each of our online accounts. By creating passwords that are difficult to guess and changing them regularly, we can reduce the risk of unauthorized access to our sensitive data.
In addition to strong passwords, enabling two-factor authentication can provide an extra layer of security for our online accounts. This process requires users to verify their identity through a second method, such as a code sent to their phone, before gaining access. By implementing this additional step, we can further protect ourselves from cyber threats and unauthorized access to our accounts.
It’s also important to be cautious about the information we share online. Be mindful of the content you post on social media platforms and the permissions you grant to apps and websites. Limiting the amount of personal information you disclose can help prevent identity theft and protect your privacy.
Regularly updating your devices and software is another important aspect of maintaining online security. Software updates often include security patches that can help protect your devices from vulnerabilities that hackers may exploit. By staying up to date with these updates, you can help ensure that your devices are equipped with the latest security measures.
Ultimately, taking proactive steps to protect your online privacy is essential in today’s digital landscape. By following these tips and remaining vigilant about your online security, you can help safeguard your personal information and reduce the risk of falling victim to cyber threats.
