Understanding the Role of Stolen Credentials in Data Breaches
Security practitioners and threat actors are constantly developing new techniques to gain advantages over the other. In recent years, security teams have stepped up their approaches to protecting their infrastructure by fortifying their network perimeter defenses, building up protections against advanced malware, upgrading vulnerable operating systems, automating the delivery of patches to stop exploits, and developing counter-measures to spot intruders. The threat actors looking to circumvent these measures are shifting their attention toward the next weakest link in the security chain – the user.
Instead of finding and exploiting a vulnerability in a networked system, it is faster, cheaper and far easier to steal a password from a user. With stolen credentials in hand, the attacker no longer appears as an anomaly, for they operate as a known user and outside the traditional threat protections aimed at stopping intruders.
While schemes to steal passwords have existed for decades, there have been many refinements in the techniques to trick users. It would be a mistake to think that modern targeted credential theft is the same as garden variety phishing, such as the ploys used to defraud consumers. The advanced attacker is looking for an entry point into the organization, not access to bank accounts, and as such they are highly focused on going after very specific victims who have the access they want.
The bottom line is that passwords remain one of the weakest links in computer security, for they are easy to steal, hard to secure and provide little proof of the user’s identity. By stealing passwords, the attacker can greatly simplify the attack and effectively bypass security measures
designed to stop other types of threats such as malware and exploits.