Point of entry: Why hackers target stolen credentials for initial access
X Cyber Group (XCyber?)
We work with clients to keep data, people and businesses protected within the geography of the internet.
It’s a common story: weak or reused passwords find their way online, with damaging consequences for organizations. Criminals increasingly deploy stolen credentials to gain initial access to user accounts, bringing new demands for security. This has led to a booming market for stolen credentials and the initial access they can bring. The ENISA Threat Landscape 2023 report said there had been year-over-year growth in the Initial Access Broker (IAB) market, with credentials the prime goods for sale.
Stolen credentials are a bigger problem than ever
Challenges for organizations around stolen credentials are only getting bigger. The threat is pervasive, with fraudsters using various means to steal credentials. Cyber criminals are using search engines to impersonate brands and direct users to malicious sites that host ransomware to steal login credentials. Credentials can also be guessed through approaches like brute force attacks, where cybercriminals deploy tools that test password combinations continuously until they discover the right one. This can involve a range of methods, from relatively simplistic trial and error approaches to dictionary attacks, which exploit users’ habits of choosing simple and easily remembered passwords by attempting all the words in a “dictionary” of common passwords.
Potential for major breaches
As the ENISA report notes, the abuse of valid accounts for initial access is ‘not a novel technique’ but remains a successful focus for cybercrime actors. Misconfigured accounts were especially notable, it said – as were accounts with weak passwords. And while multi-factor authentication (MFA) stops a lot of these attacks, it isn’t bulletproof, with ENISA pointing to actors intercepting MFA codes, harassing users with push notifications, and more. “We expect that credentials [will] remain a focal point for cybercrime actors,” ENISA said. “Despite technical protective measures, cybercrime actors have found ways around them.”
Reduce the risk of initial access through stolen credentials
Cybersecurity experts will be fully aware of the danger of stolen credentials and the need for the strongest possible security. But there’s no room for complacency. The initial access threat posed by stolen credentials is evolving all the time – and so must we. At the most basic level, you have no idea what your end users – your colleagues, for example, or your customers – are doing online, or where they are reusing their weak passwords. You cannot know the websites they use and the devices they deploy. Increasing the overall password security in the environment, enforcing good password hygiene, and eliminating breached, incremental, and otherwise weak passwords help to bolster the security of your Active Directory environment and privileged accounts.
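As an added illustration (not code from the article or from any product it refers to), the sketch below shows how a password-change check could reject the three classes named above: breached, incremental, and otherwise weak passwords. The word lists, the 12-character minimum, and all function names are assumptions constructed for this example; a real deployment would load a full breached-password corpus.

```python
import re

# Constructed sample data (assumptions, not from the article): a tiny
# stand-in for a breached-password corpus and a common-word dictionary.
BREACHED = {"password1", "qwerty123", "summer2023!", "letmein"}
DICTIONARY = {"password", "welcome", "summer", "dragon", "monkey"}

# Common character substitutions, mapped back to the letters they replace.
LEET = str.maketrans("0134578@$!", "oieastbasi")


def base_form(password):
    """Reduce a password to its root: lowercase, drop the trailing run of
    digits and symbols, then undo common character substitutions."""
    stripped = re.sub(r"[\d\W_]+$", "", password.lower())
    return stripped.translate(LEET)


def check_password(candidate, previous=None, min_length=12):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(candidate) < min_length:
        problems.append("too_short")
    # Exact (case-insensitive) match against the breached corpus.
    if candidate.lower() in BREACHED:
        problems.append("breached")
    # A dictionary word dressed up with substitutions and a suffix,
    # e.g. "P@ssw0rd2024!!", is what a dictionary attack tries first.
    base = base_form(candidate)
    if base in DICTIONARY:
        problems.append("dictionary_word")
    # Incremental change: same root as the old password, new suffix only.
    if previous is not None and base and base == base_form(previous):
        problems.append("incremental")
    return problems


if __name__ == "__main__":
    for new, old in [("Summer2023!", None),
                     ("Harbour-Lantern-42", "Harbour-Lantern-41"),
                     ("correct-harbour-lantern-tide", "Winter2023!!")]:
        print(new, "->", check_password(new, previous=old) or "accepted")
```

The previous password is only available in plaintext at change time, when the user supplies it, which is why the incremental check runs there rather than against stored hashes.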
Read more here.
Interesting read. The concept of a password policy is a good one.