Among the many repercussions of the widely reported supply chain cyberattack on a network software firm is that nation-state threat actors gained access to privileged login credentials. Microsoft, which investigated the attack on behalf of cybersecurity firm FireEye, issued an advisory stating that nation-state threat actors obtained administrative access to some targeted networks by stealing privileged account login credentials.
This is part of a larger pattern of nation-state actors launching increasingly sophisticated phishing schemes in an attempt to steal user login credentials for use in future attacks. Microsoft reports that credential harvesting is one of the top attack techniques it has witnessed nation-state threat actors using over the past year.
Cybercriminals prize login credentials as a method to both breach networks and, once inside, remain undetected. CSO Magazine reports that one of the ways in which the attackers evaded detection once inside a target network was by using stolen credentials, as opposed to malware, to move laterally through the network and establish legitimate remote access. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) advises impacted companies to, among other remedial measures, change all passwords used by or stored in SolarWinds software.
Login credential theft by nation-state actors is also threatening the global COVID-19 vaccine supply chain. DarkReading reports that organizations involved in the cold storage and transportation of vaccines are being targeted in a sophisticated spear-phishing campaign that clearly seeks to harvest credentials. The emails contain an attachment that, once opened, prompts the user to enter their login credentials. So far, at least 10 organizations in six countries have received these emails.
How to Protect Your Organization from Credential Harvesting
Comprehensive password security is the first line of defense against credential harvesting by nation-state cybercriminals, or any cybercriminal. At a minimum, organizations should:
- Require that employees use strong, unique passwords for all accounts.
- Require that employees use multi-factor authentication (2FA) on all accounts that support it.
- Require that employees use a password manager.
Digital transformation initiatives and cloud computing make supply chain vulnerabilities an ongoing threat to all companies. Even if your company doesn’t get breached, one of your vendors might. For this reason, all organizations should subscribe to a Dark Web monitoring service. These services scan Dark Web forums and notify organizations if any of their employee passwords have been compromised, allowing IT administrators to force password resets right away.
Keeper Secures Organizations from Credential Harvesting Attacks
Keeper’s zero-knowledge password management and security platform gives IT administrators complete visibility into employee password practices, enabling them to monitor password use and enforce password security policies across the entire organization, including strong, unique passwords, 2FA, role-based access control (RBAC), and other security policies. Fine-grained access controls allow administrators to set employee permissions based on their roles and responsibilities, as well as set up shared folders for individual departments, project teams, or any other group.
For additional protection against supply chain cyberattacks, the Keeper BreachWatch™ add-on service scans Dark Web forums and notifies organizations in real time if any of their company passwords have been put up for sale. BreachWatch seamlessly integrates with the Keeper password management platform, enabling IT administrators to force password resets right away.
Keeper takes only minutes to deploy, requires minimal ongoing management, and scales to meet the needs of any size organization.