Stopping Password Theft: The Value of Proactive Threat Intelligence
Password Theft and passwords represent the “keys to the kingdom” in our modern, digital-centric world. They protect our personal and corporate email, our social networking accounts, and access to our most sensitive financial and healthcare data. At a business level, they’re also still widely used to protect enterprise accounts, networks and data stores.
There’s just one problem: passwords are easily stolen, cracked and phished, allowing attackers to walk unchallenged through the virtual front door to do their worst.
One of the best ways to combat password theft is effective threat intelligence. With the right blend of early warning tools, you can predict where attacks might strike and put measures in place to mitigate the threat, alongside optimized detection of compromised credentials to minimize the fallout of any attack.
Fourteen years and counting
It’s hard to believe Bill Gates predicted the death of the password as long ago as 2004. At the time he argued that username-password log-ins could not “meet the challenge” of securing key IT systems and user accounts. “The weakness is the password,” he said — and he was right. Yet over a decade later enterprises are still using password-based log-ins in great numbers, despite the escalating risks and the wide range of more secure alternatives on the market. Today, cyber-criminals have a wide range of tactics at their disposal to obtain the all-important passwords guarding organizations’ digital crown jewels.
Popular Password Theft Techniques:
Popular password theft techniques include:
Phishing: A classic with a history dating back over two decades. Last year, phishing accounted for 93% of all data breaches, according to Verizon. Modern developments have seen cyber-criminals using SMS, social media, WhatsApp and VoIP channels to trick users into handing over their credentials.
Malware: Another hugely popular attack type, malware comes in many forms these days. Info-stealers are designed to grab passwords permanently stored in browser vaults, configuration files or third-party apps like mail and FTP software — decrypting the containers in some cases to extract the contents. Keyloggers can harvest passwords as they are typed in, while backdoors and RATs don’t steal credentials directly but can help support malware that does, like banking Trojans.
Man in the Middle (MitM): These attacks require the hacker to intercept traffic (including passwords) flowing between the victim and the service they’re trying to connect to. It’s especially common on public Wi-Fi hotspots.
DNS hijacking: When attackers are able to modify the legitimate DNS records of a website they can trick user to visiting a malicious version under their control. Inserting a phishing site to harvest passwords is a favorite tactic.
Brute force: Automated tools can help attackers to effectively guess their way into accounts by trying a huge number of password permutations in a short space of time. Users make it easier for them by using simple-to-guess passwords and sharing credentials across accounts. If they do this, and one account is breached then attackers can use the information in future attacks on other organizations.
A digital epidemic
The bottom line is that password theft has now reached epidemic proportions. No-one has been able to quantify the volume of breached credentials being traded on the cybercrime underground, but recent data breaches at big-name firms give us an idea. Yahoo tops the list, with three billion account passwords compromised in a 2013 incident, but others including LinkedIn (167m) and MySpace (427m) prove that organizations are failing to get a handle on the problem.
At the end of December, researchers found a further trove of 1.4bn breached passwords on the dark web. Interestingly, the most popular choice was “123456”, used over nine million times.
These are big numbers, but the truth is that it could take only one stolen password to put your organization at risk. Remember, some of the most damaging security incidents ever, such as the breach of 70m customers at US retailer Target, and 21m federal employees at the Office of Personnel Management, came about because of a small number of stolen credentials.
With the right access to a privileged account, attackers could navigate their way through the network to stores of customer data which can be sold on the underground or used directly to commit identity fraud. Compromise of a CEO email account could allow them to carry out lucrative BEC attacks, perhaps, or blackmail against the individual. Access to the right social media or CMS accounts could allow hacktivists to deface and disrupt.
Visibility is power
So, what’s the answer? The good news is that there are a range of threat intelligence tools organizations can use to help them gain the upper hand — reducing risk and accelerating decision making. These platforms will crawl the web, using sinkholes, honeypots, sensors and other tools to provide crucial visibility into the C&C servers that coordinate attacks, so you’ll be the first to know if they turn their attention towards your organization. The same intelligence can be used to proactively hunt and analyze malware to help you fortify cyber-defenses against it.
High quality, actionable intelligence can also provide useful information on how your organization was attacked, to help prevent future raids and password theft.
The best offerings will provide ultra-fresh threat intelligence data so organizations can take swift action to mitigate threats. And they will offer a range of customizable services as there’s no one-size-fits-all when it comes to threat intelligence. Finally, be sure to look for user-friendly data which doesn’t require expert analysts to interpret, and which can be integrated seamlessly into SIEM and existing defenses for maximum ROI.
The bad guys have had it their own way for far too long. It’s time to put them on the back foot for the first time with proactive threat intelligence.
- To find out more on this topic, read our in-depth Credential Theft article on credential compromise and identity theft.
- The Credential Theft Ecosystem report embodies this approach – it is designed to help organizations understand the lifecycle of a compromised credential and keep their organizations’ data safe.