Recent research by FireEye has found that nation-states are increasingly turning to credential theft as a preferred method of cyberattack. These attacks are easier to carry out than larger hacks as users tend to have a common digital footprint, allowing hackers to learn about their victim. This information is then used for social engineering purposes.
Credential theft attacks are also popular due to their lack of obvious disruption to a system. Hackers can then sell the credentials to other criminals, who can then exploit an organisation’s system without necessarily raising an alarm. Organisations then suffer severely from the delay in noticing an attack, putting them steps behind any mitigation strategy to protect their data, their customers’ data and their systems and processes.
A broad range of information could be considered credentials, including accounts that require a username and a password, such as databases or cloud environments. Hackers will advertise their sale of credentials on the dark web, facilitating quiet entry into the crucial operational systems of an organisation.
Therefore, organisations must ensure that they are training employees on how to best protect their credentials, including promoting the creation of strong passwords and the use of multi-factor authentication. Additionally, organisations should monitor for any stolen credentials. Tools like CyDesk receive information from a number of sources, which could alert an organisation to such a breach in a system thought to be fully secure.
Of course, other types of cyberattacks are still prevalent – and dangerous. Cyber criminals may easily just look to steal money or data directly from an organisation, or destabilise them by shutting down their servers or systems. Therefore, cyber resilience strategies must be adaptable and based on ongoing and current information, especially in this time of heightened attacks and rapid changes.