Access Credential Intrusions for Non-Cyber Friends

Cyber is riveting. My non-cyber friends: “that is not riveting, no” (true story).

Stay with me, my non-cyber lovelies. We'll fly at a high level, for a general understanding:

In years past, most of us thought of cyber attacks as some kind of an overpowering dark overlord who breaks the castle door down. Often true. That can still happen but today, tech systems are usually defended in layers and routinely look for the dark overlord. Thus, bad actors have evolved to favor access credential intrusions.

In a generic sense, an access credential intrusion is when a bad actor walks through the (digital) front door of a company by using the legitimate information/credentials that an employee (or contractor) uses to access company systems, e.g., login information. There are many ways a bad actor gets the legit information to access a system: find information that has leaked, “guess” enough times to get it right, fool someone into giving it to them, buy it from an access broker (yes, there are middlemen everywhere, and sometimes a person may even sell their own access information, which is super highly not recommended, not ever), or otherwise steal it.

In an access credential intrusion, the bad actor appears as a person with legitimate access and, once in a company system, the bad actor may change or add to the legit access information, and that change may look “normal” in that particular system. The bad actor may also move laterally across to other systems that the legitimate person has access to, including systems of the company’s customers in some cases. True fact: this lateral movement takes, on average, about an hour and has been observed in as little as a few minutes. As the bad actor moves across company systems, it may install a back door to a system, take advantage of configuration errors in a system, or take advantage of “over-privileged” access (meaning the legitimate person has ongoing access to a system when there really isn’t a need for it). Also, because a breach like this is not discovered for over 200 days on average, the bad actor may put some malicious software in a system and patiently wait.
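For readers who want to see what “looking for” lateral movement means in practice, here is a small added example (not part of the original article, and not the author’s code). It takes a constructed list of login events (account, system, time) and flags any account that reached an unusually high number of distinct systems inside a short window; the one-hour window and the three-system threshold are assumptions chosen for the illustration, not figures from the article.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events (not real data): account, system, ISO timestamp.
# "bob" reaches four systems in 36 minutes; "alice" and "carol" look ordinary.
SAMPLE_EVENTS = [
    ("alice", "mail-01",     "2024-05-01T09:00:00"),
    ("alice", "mail-01",     "2024-05-01T09:30:00"),
    ("bob",   "files-02",    "2024-05-01T09:05:00"),
    ("bob",   "hr-01",       "2024-05-01T09:12:00"),
    ("bob",   "finance-03",  "2024-05-01T09:20:00"),
    ("bob",   "cust-portal", "2024-05-01T09:41:00"),
    ("carol", "files-02",    "2024-05-01T10:00:00"),
    ("carol", "hr-01",       "2024-05-01T14:00:00"),
]


def parse_events(events):
    """Turn (account, system, timestamp-string) tuples into datetimes."""
    return [(acct, system, datetime.fromisoformat(ts)) for acct, system, ts in events]


def find_lateral_movement(events, window=timedelta(hours=1), min_systems=3):
    """Return {account: sorted list of systems} for every account that logged
    into at least `min_systems` distinct systems within any `window`-long span.
    Thresholds are illustrative assumptions, not values from the article."""
    by_account = defaultdict(list)
    for acct, system, ts in parse_events(events):
        by_account[acct].append((ts, system))

    flagged = {}
    for acct, logins in by_account.items():
        logins.sort()  # chronological order so each login can start a window
        for i, (start, _) in enumerate(logins):
            reached = {s for t, s in logins[i:] if t - start <= window}
            if len(reached) >= min_systems:
                flagged[acct] = sorted(reached)
                break  # one hit per account is enough to raise an alert
    return flagged


if __name__ == "__main__":
    for acct, systems in find_lateral_movement(SAMPLE_EVENTS).items():
        print(f"review account {acct}: reached {len(systems)} systems "
              f"within an hour -> {', '.join(systems)}")
```

Real environments feed this kind of check from central authentication logs and tune the thresholds per role, since an IT administrator legitimately touches many systems; the point of the example is only that a valid credential behaving unlike its owner is the signal defenders look for.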

A bad actor can misbehave in other ways using legitimate access credentials but a point to remember is that the bad actor who waltzed through the front door can waltz quietly back out through the front door, back door, or a window, taking data harvested in its travels across the company (and perhaps customers’) systems. What the bad actor does with the stolen data varies. The company could be threatened with release of the data unless it pays a ransom, the data could be sold, the data could be leaked, or the data could be very useful and kept by the bad actor.

It’s important to have a base understanding of access credential intrusions because we all have access to tech systems and, let’s just say, a security breach is very expensive, damages customer relationships, and forces our eye off the ball of productivity and revenue. We have to be vigilant in protecting the information and keep our access information for one system quite different from the access information for another system (don’t use the same password twice, or a very similar password, like for Gmail and your work account), and be on the lookout for anyone who asks for your access information in an email or phone call or ... it is likely a scam.

There is much more to this subject but the aim here is to provide high level information. Not every scenario and rabbit hole is covered and this article is informational only, not a substitute for legal advice.

True fact source: 2024 CrowdStrike Global Threat Report.

Benjamin Rebeske

CEO & Founder at Corbeau Tech | Project Success Navigation

6 months

Great read. While cybersecurity isn't always my area of personal interest, your ability to connect the dots in a way that conveys the salient points has been invaluable to me and the CORBEAU? team. ITLG has provided us with more than just counsel; your guidance has been crucial in ensuring our safety and that of our customers as we grow in a rapidly changing technology landscape. Thank you Robin Meyer.

More articles by Robin Meyer
