Valid Account Credential Abuse: Exploiting the Weakest Link

Employees frequently use their corporate email addresses to register for personal accounts and services, often with the same passwords. As adversaries become ever more adept at acquiring exposed credentials online or with the help of an information stealer (infostealer), ReliaQuest regularly investigates exposures that increase the risk of an organization’s corporate credentials reaching threat actors, with significant consequences for its data and operations.



The risks are manifold: The attacker can mask malicious activity as legitimate, move around your organization’s system, retrieve files containing sensitive information, and disrupt operations. As a result, user negligence can expose your organization to data breaches and extortion. At ReliaQuest, we have been researching the prevalence of valid account credential abuse and protecting our customers from its associated risks. Here, we provide you with an outline of the impact of valid account credential abuse, how ReliaQuest protects its customers from this type of attack, and how to improve your organization’s security posture.

Acquiring Exposed Credentials


Threat actors employ a range of methods to acquire exposed credentials, including searching through breach directories for email accounts, scouring cybercriminal forums for shared databases, utilizing lookup services to scan cloud-stored logs, and acquiring stolen credentials from initial access brokers. Therefore, the more users who use corporate accounts for personal services, the higher the chance that your organization’s credentials are available online.


In the absence of multi-factor authentication (MFA) and other defenses, a threat actor can easily log in using the stolen credentials and gain varying levels of access. Once inside an organization’s network, these actors wreak havoc, moving laterally, compromising additional hosts and servers, gaining access to sensitive information, and potentially causing serious financial and operational damage. With the increasing prevalence of ransomw ..
