Nation State Attackers Shift to Credential Theft

Nation state actors are placing a greater focus on credential theft rather than stealing money.



Speaking on a virtual briefing, Jens Monrad, head of Mandiant Threat Intelligence for EMEA at FireEye, focused on attacks from Russia, Iran and China and their various activities. Monrad said attacks are easily done because of the user’s common digital footprint, which can allow an attacker to pick up on items about the victim and use them in a social engineering scenario.



He explained that the biggest detection of malware seen by FireEye customers focuses on stealing credentials and stealing information, “and that makes sense, as regardless of your motivation, if you can steal or buy stolen credentials, you will make less noise in your operation.”



Furthermore, if an attacker wanted to pull off a high-stakes “heist,” or rob a house, purchasing the access code to the alarm system or the keys would make less noise than breaking in.



“Credentials can vary from anything that requires a username and password to databases or access to cloud environments,” he said. “This is just part of the ecosystem we currently see, and [cyber-criminals] advertise databases and tools and services on the underground forums.”



Monrad added that, from a cyber-criminal perspective or even as part of a nation state campaign, buying those credentials may give you more of a silent entry into a system. “If you’re a cyber-criminal deploying ransomware post-compromise, this will make you more successful in your intrusions.”



He said this is why Mandiant is focused on credential theft as a so ..
