Ethical Hacking News

The Stolen Credential Conundrum: Unpacking the Rise of Identity Attacks and How to Defend Against Them




Stolen-credential attacks have reached unprecedented levels, with 80% of web app attacks attributed to stolen credentials. Experts warn that cybersecurity budgets will only continue to grow in response to this pressing threat. But how can organizations effectively defend against these identity-based attacks? From the role of MFA in prevention to the emergence of browser-based ITDR solutions, this article explores the latest data and the emerging trends behind it.

  • Stolen credentials are the primary attack vector for identity-based attacks, accounting for 80% of web app attacks in 2023/24.
  • The cost of stolen credentials on criminal forums is as low as $10, highlighting the magnitude of this issue.
  • Infostealer malware has reached unprecedented levels, compromising user accounts and harvesting sensitive information.
  • The Snowflake breach was a notable example of the impact of infostealer infections, with 165 organizations targeted and nine victims identified publicly.
  • Many organizations have fallen prey to similar attacks in 2024 alone, including Disney, Microsoft, Finastra, and more.
  • Multi-Factor Authentication (MFA) is often lacking in accounts that use only passwords as login methods.
  • The rise of infostealer compromises has led to an alarming rate of breached credentials, with data breaches begetting more data breaches.
  • The shift to third-party apps and services has resulted in an explosion of new accounts, credentials, and valuable business data, making them low-hanging targets for attackers.



    The cybersecurity landscape has been plagued by a persistent problem – stolen credentials have become the primary attack vector for identity-based attacks. According to recent data, stolen credentials were the #1 attacker action in 2023/24, accounting for 80% of web app attacks, and cybersecurity budgets grew again in 2024 with organizations now spending almost $1,100 per user (Source: Forrester). The staggering fact that stolen credentials on criminal forums cost as little as $10 (Source: Verizon) only serves to underscore the magnitude of this issue.

    In an effort to understand the root causes of this phenomenon and explore potential solutions, we must delve into the world of murky intelligence on stolen credentials. Researchers have long been aware of the existence of infostealer malware, which can compromise user accounts and harvest sensitive information such as login credentials. However, it appears that the sheer volume of these attacks has reached unprecedented levels.

    A notable example of this trend was the Snowflake breach, which saw 165 organizations targeted using stolen credentials harvested from infostealer infections dating as far back as 2020. These affected accounts also lacked MFA, enabling attackers to log in with a single compromised factor and subsequently stage and exfiltrate data across multiple Snowflake customer tenants.

    The impact of this breach was immense, with nine victims identified publicly, impacting hundreds of millions of people's sensitive data and at least one victim paying an undisclosed ransom fee. While the Snowflake breach stands out as a high-profile incident, it is by no means an isolated occurrence. In fact, numerous other organizations have fallen prey to similar attacks in 2024 alone.

    Disney's Confluence servers and Slack instance were hacked, resulting in huge amounts of commercially sensitive data and IT infrastructure details being leaked, as well as messages from 10,000 Slack channels. Microsoft suffered a significant breach of their Office 365 environment, with sensitive emails leaked after a "test" OAuth application was compromised using stolen credentials.

    The list of affected organizations is extensive, with notable names such as Finastra, Schneider Electric, Nidec, Foundation, ADT, HealthEquity, Park'N Fly, Roku, LA County Health Services, and many more all suffering data breaches of varying severity due to stolen credentials. The sheer scope of this issue demands attention from security professionals worldwide.

    To better understand the impact of stolen credentials on organizations, we must examine the role of Multi-Factor Authentication (MFA) in preventing these attacks. Despite growing efforts to adopt MFA, research from Push Security shows that where a password is the sole login method for an account, these accounts lack MFA in 4 out of 5 cases.

    The rise of infostealer compromises has led to an alarming rate of breached credentials, which continues to grow at an unprecedented pace. Furthermore, data breaches tend to beget more data breaches as account information is leaked, creating a vicious cycle that threatens the very fabric of online security.

    Moreover, the shift to third-party apps and services for most major business operations has resulted in an explosion of new accounts, credentials, and valuable business data in the cloud – all low-hanging targets for attackers. The lack of robust SaaS logging makes it increasingly difficult to detect such attacks, as even if data is available, distinguishing legitimate user activity from malicious activity becomes a significant challenge.

    Push Security provides a comprehensive browser-based ITDR platform that deploys a browser agent to employee browsers in order to stop identity attacks. This platform uses secure observation of credentials at the time of login and collects rich browser telemetry while providing security controls designed to prevent account takeovers before they occur.

    In light of these findings, it is imperative for organizations to reassess their approach to defending against identity-based attacks. Push Security offers a viable solution in its browser agent technology, which can be used to correlate employee credentials with those found in compromised credential feeds, effectively cutting through the noise and identifying genuine threats.
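The correlation step described above, sketched as an added example (not Push Security's code and not from the source article): it assumes the inventory holds a keyed fingerprint of each password observed at login plus an MFA flag, and that the feed supplies user, app and leaked password. The key, field names and all records are constructed for illustration.

```python
import hashlib
import hmac

ORG_KEY = b"constructed-demo-key"  # assumption: per-organisation secret, never sent to the feed provider

def fingerprint(password: str) -> str:
    """Keyed, truncated fingerprint so the inventory never stores the password itself."""
    return hmac.new(ORG_KEY, password.encode(), hashlib.sha256).hexdigest()[:16]

# Constructed inventory: (user, app) -> what was observed at the last login.
INVENTORY = {
    ("ana@example.com", "warehouse.example"): {"fp": fingerprint("Summer2020!"), "mfa": False},
    ("ben@example.com", "wiki.example"): {"fp": fingerprint("n3w-rotated-pass"), "mfa": False},
    ("cy@example.com", "chat.example"): {"fp": fingerprint("hunter2"), "mfa": True},
}

# Constructed feed entries in the shape of an infostealer log: user, app, password.
FEED = [
    ("ana@example.com", "warehouse.example", "Summer2020!"),  # still valid, no MFA
    ("ben@example.com", "wiki.example", "old-pass-2021"),     # already rotated
    ("cy@example.com", "chat.example", "hunter2"),            # still valid, MFA on
    ("zed@other.example", "shop.example", "whatever"),        # not one of our accounts
]

def triage(feed, inventory):
    """Return {(user, app): verdict} for every feed entry."""
    verdicts = {}
    for user, app, leaked_password in feed:
        account = inventory.get((user.lower(), app.lower()))
        if account is None:
            verdicts[(user, app)] = "ignore: unknown account"
        elif not hmac.compare_digest(account["fp"], fingerprint(leaked_password)):
            verdicts[(user, app)] = "stale: password already changed"
        elif account["mfa"]:
            verdicts[(user, app)] = "high: live password, MFA enrolled"
        else:
            verdicts[(user, app)] = "critical: live password is the only factor"
    return verdicts

if __name__ == "__main__":
    for key, verdict in triage(FEED, INVENTORY).items():
        print(key, "->", verdict)
```

Only the first entry is both still valid and unprotected by MFA, the condition the article ties to the Snowflake logins; the rotated and unknown entries are the noise a raw feed would otherwise raise as alerts.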

    The rise of stolen credential-based attacks has left security professionals scrambling to find effective solutions to prevent these threats from materializing. In an effort to address this pressing issue, organizations must prioritize the development and implementation of comprehensive threat intelligence strategies that can accurately identify and categorize malicious activity.

    Ultimately, a more nuanced understanding of the complexities surrounding identity-based attacks is necessary for developing robust countermeasures. By exploring innovative solutions such as browser-based ITDR platforms and enhancing our collective awareness of this pervasive issue, we can work towards creating a safer online environment for all.



    Related Information:

  • https://thehackernews.com/2025/01/the-10-cyber-threat-responsible-for.html


  • Published: Thu Jan 16 09:19:33 2025 by llama3.2 3B Q4_K_M













         

