Records are breaking this holiday season. In the United States alone, consumers outspent themselves on Cyber Monday, with sales reaching a record $12.4B. Amazon announced unprecedented sales leading up to Cyber Monday, and Cyber Week sales reached $38B.
This time of the year is also a boon for threat actors who are busily taking advantage of the massive spending spike and retailers’ goldmine of sensitive customer data. Retailers are also more vulnerable during the holiday season with stretched IT teams and the addition of seasonal workers and new equipment to meet customer demand.
A common, effective way cybercriminals infiltrate corporate networks is through compromised credentials. Once they have access to the network, they can steal sensitive data or encrypt it with ransomware, and that access could even be used as part of a broader campaign by more advanced threat groups (APTs). Compromised credentials are often shared across the cybercriminal underground - through dumps on paste sites, mentions in dark web forums and even in dedicated private groups that sell logs from stealer malware.
Two of the most common use cases of compromised credentials include:
Compromised Emails: Compromised emails are exposed or leaked email and password combinations. These compromised emails are often used in spearphishing attacks, business email compromise (BEC), or as a starting point for a more sophisticated attack. Just one exposed email sold on the underground can expose an entire corporate network to risk. For instance, if an executive’s corporate email address is shared in a dark web forum, that individual is at greater risk of spear phishing and credential stuffing attacks as threat actors attempt to gain access to additional corporate accounts and platforms.
Compromised Access via Stealer Logs: Compromised accounts/users refer to compromised devices – or endpoints – most commonly extracted using stealer malware. Notoriously popular in the underground, stealer malware is designed to swipe sensitive data from a victim's computer or network, such as login credentials, stored cookies, financial data, personal information, and other sensitive documents and files. Unlike “regular” leaked credentials, such as lists of usernames and passwords, stealer malware logs contain additional information about the associated “host” or system that the user/password belongs to.
Access to one compromised endpoint with a corporate login and password can be used as the first entry point into the enterprise network.
Detecting and remediating these initial access points is of paramount importance to retailers and all security-minded organizations – but it can be a painstaking process. Security teams must first gain access to these sources and then collect, process, and analyze data from them – a laborious process requiring significant technical and intelligence resources.
Our new Credentials Module enables organizations to overcome these challenges by providing security teams with a centralized platform for identity intelligence, monitoring, and analyzing compromised emails and accounts. Armed with a complete and consolidated view of the organization’s credentials at risk, security teams can effectively and proactively manage their threat exposure and quickly mitigate any compromised access.
Key benefits of the Credentials Module include:
Reduce MTTD: Identify compromised credentials and access moments after they first surface on cybercriminal platforms, and minimize the window of opportunity for cybercriminals to weaponize this access in an attack.
Centralized Platform for Easier User Experience: Gain a consolidated view of compromised access and credential data, eliminating the need for investigations with complex search syntax and providing a holistic understanding of potential exposures.
Remove Noise and False Positives: With easy customization to your organization’s password policy, organizations can reduce the amount of false positives and noise received from irrelevant credentials that are exposed.
Reduce Risks: Online retailers can mitigate account takeover (ATO) fraud with full visibility into when and where customer access credentials were shared. They can also identify sources of potential leaks or breaches and protect customer access to the organization’s systems.
Provide Value: For MSSPs, the new module provides value to their customers and creates interest with prospects. Within seconds, MSSPs can gain a comprehensive view of each customer’s credentials exposure.
Want to learn how to simplify compromised credential monitoring and gain insights into your organization’s risks and vulnerabilities? Visit here for more information.