Credentials are a set of attributes that uniquely identify an entity such as a person, an organization, a service or a device. According to IBM’s Cost of a data breach report, compromised credentials were the primary attack vector of 19% of the data breaches the study highlights. A 2021 data breach report by ITRC reveals that cyberattacks, including credential stuffing, made up 88% of data breaches in Q3 of 2022.
A credential threat involves an attacker attempting to steal a user’s details to gain unauthorized access to the user’s accounts. Often, attackers specifically focus on acquiring the user’s organizational access.
In this blog, we discuss credential theft and threats, types and impact of password attacks and credential management strategies to protect your information.
Credential Theft Steers Many Security Incidents
Credential theft is a cybercrime involving the unlawful attainment of a victim’s proof of identity with the intent to access and abuse critical data and information. A successful credential theft gives the attacker the same account privileges as the victim.
The 2022 Ponemon Institute State of Cybersecurity Report suggests that 54% of security incidents are caused by credential theft.
Why Are Credentials Stolen?
A credential-stealing attack happens when attackers maliciously acquire access and bypass an organization’s security measures to steal critical data.
Here are some of the most common reasons for credential theft:
- Fraud. Malicious actors often want access to sensitive information such as credit card and bank details to acquire funds from their target’s account fraudulently.
- Distributing crimeware. Piggyback attacks and suspicious emails are some of the social engineering tactics attackers leverage to acquire credentials for distributing crimeware (software used to perpetrate crimes).
- Hacktivism. For social or political reasons, attackers steal user credentials to gain unauthorized access to critical information and wreak havoc on a secure computer system.
- Espionage. A cyberespionage report suggests that spying is the second-highest motive underlying several security breaches. Cybercriminals compromise credentials to unlawfully monitor the activities of individuals, organizations or even countries.
Credential Attacks Are Expanding The Threat Landscape
Typically, attackers breach a low-level, less sophisticated server or platform and then use it to access a larger corporation. This approach may also include attacking third-party systems.
Here are some techniques malicious actors employ in acquiring sensitive information:
- Social engineering. Per a 2022 Verizon data breach investigation report, the human element at the center of social engineering attacks was present in 82% of breaches the study considers. Tailgating, spear phishing, whaling and baiting are some common types of social engineering attacks.
- Malware. Cybercriminals develop malicious software to intentionally harm, intrude, damage or steal data from a computer, network or server. Ransomware, adware, spyware and scareware form part of malware.
- Automated attacks. Malicious actors conduct coordinated attacks by using sophisticated tools to test for vulnerabilities on several websites at once.
- Application vulnerabilities. Malicious attackers search for and exploit weaknesses in your digital infrastructure to gain unauthorized access to your systems.
The Financial Impact of Compromised Credentials
Internationally, the average cost of a data breach in 2020 for businesses was $4.35 million, according to IBM. However, for the U.S., the average cost was the highest worldwide at $9.44 million. Data breaches have a considerable financial impact on organizations, especially in industries that manage sensitive information or deal with customer data.
Per the same report, the average critical infrastructure breach costs over $1 million more than successful attacks on hospitality, entertainment, consumer goods and pharmaceutical companies.
Personal health information (PHI) breaches affect organizations, individuals and other stakeholders to varying degrees. Due to attackers’ unauthorized access to over 70 million patient records in 2015, Anthem (now Elevance Health) had to pay about $40 million in settlement fees and about $17 million to the U.S. Department of Health and Human Services (HHS).
Target’s data breach in 2013 cost the company $18.5 million in multistate settlement fees. Identity theft, blackmail and reputational damage are other effects of compromised user credentials on individuals and organizations.
Complete protection from cybercriminals is almost impossible, but organizations can take steps to reduce the probability of successful malicious attacks to a minimum. Per a study by Microsoft, two-factor authentication (2FA) can prevent 99% of account attacks. Multi-factor authentication is an effective method for securing sensitive information.
Consider some of these credential management strategies:
- Eliminate vulnerabilities
- Secure employee devices
- Teach employees to recognize credential phishing attacks
- Implement strong cryptographic measures
- Leverage threat intelligence tools
- Use long and complex passwords
Enterprise password managers leverage security strategies such as encryption to protect credentials. Password management solutions such as Keeper also help users to generate secure passwords and provide advanced monitoring and compliance reporting.
Use Keeper for Passwords and Secrets Management
Keeper enables your team to control who has access to passwords and secrets. In addition to generating secure passwords, Keeper helps organizations identify compromised user credentials by monitoring the dark web and other platforms for a match with data in your password vault.
Want to manage access to your organization’s data and customer information? Try Keeper for free.
Frequently Asked Questions
What is credential harvesting?
Credential harvesting is an attack involving phishing and other exploits to gather credentials such as usernames and passwords. Cybercriminals may use credentials for personal purposes or trade them on the dark web.
What is the most common method attackers use to steal credentials?
Attackers acquire sensitive data mostly through credential phishing. Some other common methods for credential theft include ransomware, brute force attacks and purchase on the dark web.
What is password spraying?
Password spraying is an approach used by malicious attackers to acquire unauthorized access to an account by using a list of common weak passwords such as 123456 or 00000. This method enables cybercriminals to access multiple accounts in one attack.
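For defenders, the pattern described above (one source, many accounts, only a few guesses per account) can be told apart from single-account brute force in authentication logs. The following is an added example, not part of the original post or of Keeper's product; the log tuples, thresholds and the function name `detect_spraying` are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed failed-login events: (timestamp, source IP, username).
# IPs come from documentation ranges; usernames are invented.
SAMPLE_FAILURES = (
    # One source, six accounts, one guess each: the spraying pattern.
    [(f"2024-01-01T09:0{i}:00", "203.0.113.7", user)
     for i, user in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    # One source hammering a single account: brute force, not spraying.
    + [(f"2024-01-01T09:00:{i:02d}", "198.51.100.20", "alice") for i in range(8)]
    # Five accounts, but one guess every two hours: a slow spray.
    + [(f"2024-01-01T{9 + 2 * i:02d}:30:00", "192.0.2.99", user)
       for i, user in enumerate(["gina", "hank", "ivan", "judy", "kim"])]
)

def detect_spraying(failures, window_minutes=30, min_accounts=5, max_per_account=3):
    """Return {source_ip: sorted usernames} for sources matching the heuristic.

    A source is flagged when, inside one sliding window, it fails against at
    least `min_accounts` distinct accounts with no more than `max_per_account`
    failures on any of them. Thresholds are assumptions to tune per environment.
    """
    window = timedelta(minutes=window_minutes)
    by_source = defaultdict(list)
    for ts, ip, user in failures:
        by_source[ip].append((datetime.fromisoformat(ts), user))

    flagged = defaultdict(set)
    for ip, events in by_source.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the left edge until the span fits inside the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            counts = defaultdict(int)
            for _, user in events[start:end + 1]:
                counts[user] += 1
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                flagged[ip].update(counts)
    return {ip: sorted(users) for ip, users in flagged.items()}

if __name__ == "__main__":
    print(detect_spraying(SAMPLE_FAILURES))
```

With the default 30-minute window only the fast source is flagged; the slow source is caught only when the window is widened (for example `window_minutes=720`), which is why spraying detection usually runs at more than one time scale.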