As we approach the second half of 2023, the issue of credential theft continues to be a stark reality for many IT teams. Fueled by the shifting tactics of cybercriminals and the value of information in the digital realm, this threat has swiftly become undeniably significant. This was reaffirmed by the kindling points found within the latest 2023 Verizon Data Breach Investigations Report (DBIR). The DBIR deduced that 83% of the data breaches they surveyed involved externally-sourced attackers, almost exclusively with monetary gain as an impetus. From those external perpetrator-driven breaches, almost half, 49%, were perpetrated using stolen login information.
The tenacity, creativity, and patience characterize most triumphant cyberattacks. Often, the brunt of these attacks can be resisted through appropriate cybersecurity awareness and training. However, it can just take one resilient, well-crafted attack to infiltrate the system. Preying on human error and stress, cybercriminals have devised strategic methods like fake login pages, falsified invoices and redirected email exchanges to trick individuals into relinquishing valuable login credentials and funds.
The DBIR report disclosed that 74% of breaches involved some form of human element: either erroneous human actions, misuse of privileged access, social engineering tactics, or the use of stolen credentials. Interestingly, they revealed that 'pretexting', a fabricated scenario designed to dupe users into divulging their data or perform actions that benefit the attacker, was employed in half of all social engineering attacks in 2022. All these underline the understanding that human users tend to be the weakest links in an organization’s security infrastructure.
Even big organizations, flush with security budgets and in-house cybersecurity experts, are not exempt from successful cyberattacks. The recent case of Norton Lifelock Password Manager bears this out. Early in 2023, Norton had to flag nearly 6,500 customers with the unnerving notification that their data may have been compromised. Despite the swift countermeasures, attackers got away with customers' data, a grim reminder of the constant threat and potency posed by stolen login credentials.
Cybercriminals are pooling their resources together on dark web marketplaces, trading vast sets of stolen credentials for bargain prices. These personalized, real-time "digital fingerprints" have allowed attackers wide-scale access, facilitating entry into an organization’s system. Neutralizing these black markets has proven challenging due to their ephemeral nature, with new ones surfacing swiftly after their antecedents are taken down.
At Darksteel Technologies, we are an Orlando based business that can handle all aspects of your IT security. Providing compliance, training, malware protection, cloud security, devsecops, vulnerability management, penetration testing, architecture design and any other information security requirement your business needs. We focus on your cybersecurity so you don't have to.