The importance of protecting against credential theft by nation-state attackers
Updated Mon, June 19, 2023 4:51 EST
Nation-state attacks saw heightened activity during the period 2017 to 2020. In 2019, cyberattacks increased by 42% and were attributed to malicious attackers in foreign countries. Nearly 25% of breaches were linked to espionage, and another 24% were accounted for by ransomware. Cybercriminals went after login credentials by targeting cloud-based email accounts, and the most vulnerable accounts belonged to the C-level executives of organizations.
The Objective of Non-state actors
The threat from non-state actors, and its link to espionage, has highlighted the risk of sensitive data breaches within the wider threat landscape.
Attackers' methods evolve with every passing day. Conventional hacking, phishing, and ransomware for monetary gain are now public knowledge, and organizations have taken steps to secure their systems against them. Now organizations are being targeted for theft of another kind: secrets, including intellectual property, are being pursued by cybercriminals. Nation-state actors place greater emphasis on credential theft than on money. They leverage stolen credentials to gain access secretly and keep it over an extended period.
What is credential theft?
Credential theft is a form of cybercrime in which attackers steal a victim's identity details. Once the attacker has successfully stolen the credentials, they hold the same privileges as the victim for accessing the system. This is the first stage in the long-term planning of a credential-based attack.
Attackers use stolen credentials in two ways. One is to reset the password, lock the victim out of the account, download the victim's private data, wipe the victim's data and backups, and gain access to other systems on the network. The other is to gain remote access to the system clandestinely using the legitimate password, by logging in to third-party services such as Microsoft 365 or Dropbox that are used for regular business operations.
Modus operandi of Credential theft
Attackers usually rely on phishing to get passwords from victims. It is an inexpensive way to steal passwords, as users are often careless and thus vulnerable; attackers also use many other methods, such as credential leaks, brute force, or guessing. The credentials are extracted in the form of plain text, hashes, or tickets. Unlike malware, which breaches the organization's security defenses, phishing depends more on human interaction.
Attackers also search users' social media sites for information that can help them attack corporate credentials. They craft fake emails and websites that look like official communications and send them to users, who fall for the trap and click on those invitations.
Cybercriminals usually sell stolen credentials on the dark web to nation-state attackers looking for an uncomplicated and quick way to get information. The dark web is encrypted and cannot be reached easily from the ordinary internet, as its sites are not found in indexed search engines. A malicious attacker who uses malware usually purchases stolen credentials and quietly attacks the system. This has the advantage of making less noise, so the attack is less likely to be detected initially.
Attackers who plan high-value heists such as ransomware operations often use this method. It is like a burglar who prefers to have a duplicate key to the house, or the access code to the alarm system, so that no noise is made when breaking in. Cybercriminals, whether individuals, groups, or part of a nation-state operation, buy the credentials to gain silent entry and wait until the ransom is successfully collected.
Though many cyberattacks happen purely for financial gain, with attackers preferring big gains in one swift operation, the longer game of credential theft is to make safe money by selling the credentials on the dark web and coming out unscathed. The other motive for such attacks is to target educational and research organizations, where the objective of nation-state cybercriminals is to get hold of data, web applications, the software supply chain, emails, and intellectual property (IP) on almost anything sensitive that matters to a country. Post Covid-19, many nations are trying to obtain vaccine intellectual property from the countries that developed it.
Protection from credential theft
Whether small or big, private or state-owned, all organizations need a high-priority policy for addressing suspicious logins. In recent times, some of the biggest cyber breaches have involved credential theft and have disrupted supply-chain operations for days, leading to substantial operational and financial loss, and to victim organizations acknowledging that a ransom was paid to the attackers to reopen their systems.
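As an added illustration of what such a policy can mean in practice (this example is not part of the original article), the following Python script runs two simple rules over a constructed sign-in log: a burst of failed logins followed by a success from the same source, and two successful logins for one account from different countries within an hour. The field names, thresholds, and sample events are assumptions; a real deployment would read the identity provider's sign-in log instead.

```python
"""Flag suspicious logins in a constructed authentication log.

Added example, not from the original article.  The two rules and all
thresholds are assumptions about what a 'suspicious login' policy could
automate; the events below are constructed sample data, not real logs.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (ISO-8601 UTC timestamps, documentation IPs).
SAMPLE_EVENTS = [
    {"ts": "2023-06-19T08:00:00", "user": "cfo@example.com", "ip": "198.51.100.7", "country": "US", "result": "success"},
    {"ts": "2023-06-19T08:01:10", "user": "cfo@example.com", "ip": "203.0.113.9",  "country": "GB", "result": "failure"},
    {"ts": "2023-06-19T08:01:40", "user": "cfo@example.com", "ip": "203.0.113.9",  "country": "GB", "result": "failure"},
    {"ts": "2023-06-19T08:02:15", "user": "cfo@example.com", "ip": "203.0.113.9",  "country": "GB", "result": "failure"},
    {"ts": "2023-06-19T08:02:50", "user": "cfo@example.com", "ip": "203.0.113.9",  "country": "GB", "result": "failure"},
    {"ts": "2023-06-19T08:05:00", "user": "cfo@example.com", "ip": "203.0.113.9",  "country": "GB", "result": "success"},
    {"ts": "2023-06-19T09:00:00", "user": "eng@example.com", "ip": "198.51.100.8", "country": "US", "result": "success"},
    {"ts": "2023-06-19T09:30:00", "user": "eng@example.com", "ip": "192.0.2.44",   "country": "DE", "result": "success"},
    {"ts": "2023-06-19T10:00:00", "user": "ops@example.com", "ip": "198.51.100.9", "country": "US", "result": "failure"},
    {"ts": "2023-06-19T10:00:30", "user": "ops@example.com", "ip": "198.51.100.9", "country": "US", "result": "success"},
]


def detect_suspicious_logins(events, fail_threshold=3,
                             fail_window=timedelta(minutes=10),
                             travel_window=timedelta(hours=1)):
    """Return a list of alert dicts, in event order.

    Rule 1 (failures_then_success): at least `fail_threshold` failed attempts
    for one account from one IP within `fail_window`, followed by a success
    from that IP - the usual shape of a guessed or brute-forced password.
    Rule 2 (impossible_travel): two successes for one account from different
    countries less than `travel_window` apart.
    """
    alerts = []
    recent_failures = defaultdict(list)   # user -> [(timestamp, ip), ...]
    last_success = {}                     # user -> (timestamp, country)

    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        user = ev["user"]

        if ev["result"] != "success":
            recent_failures[user].append((ts, ev["ip"]))
            continue

        # Count failures from this IP that fall inside the window before the success.
        in_window = [ip for (t, ip) in recent_failures[user] if ts - t <= fail_window]
        same_ip = in_window.count(ev["ip"])
        if same_ip >= fail_threshold:
            alerts.append({"rule": "failures_then_success", "user": user,
                           "ip": ev["ip"], "ts": ev["ts"], "failures": same_ip})
        recent_failures[user].clear()   # a success ends the attempt sequence

        # Compare with the previous success for the same account.
        if user in last_success:
            prev_ts, prev_country = last_success[user]
            if prev_country != ev["country"] and ts - prev_ts <= travel_window:
                alerts.append({"rule": "impossible_travel", "user": user,
                               "ip": ev["ip"], "ts": ev["ts"],
                               "from": prev_country, "to": ev["country"]})
        last_success[user] = (ts, ev["country"])

    return alerts


if __name__ == "__main__":
    for alert in detect_suspicious_logins(SAMPLE_EVENTS):
        print(alert)
```

On the sample data the script raises three alerts: the executive account trips both rules on the 08:05 success, and the engineering account trips the travel rule. The `ops` account, with a single typo before a normal login, raises nothing, which is the point of a threshold: the policy should page on patterns, not on every failed password.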
Ways to Protect against cyber attacks
There are many ways to secure an organization's systems, such as:
- Train employees to create strong passwords, keep changing them regularly, and stay alert to spear phishing.
- IT departments should enforce compulsory two-factor authentication (2FA), so that any suspicious login is detected in real time.
- Implement identity and access management, outsourcing it to third-party services that constantly monitor and handle password management systems and block users from unknown websites and applications.
- Management should have a hierarchical policy on who can access corporate credentials from approved applications.
- Update and upgrade operating systems and devices regularly.
- Conduct regular threat and vulnerability assessments of the systems and report potential gaps to management.
- Use tools for monitoring traffic, especially where the network is cloud-based and its traffic is encrypted.
- Subscribe to tools that check whether an email address and password have been compromised. Many such tools are available today and are used by organizations' IT security teams and by external cybersecurity services; individuals can also use them to find out whether their online credentials have been stolen. Besides checking emails, these services also provide notification and protection services.
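One way such a compromised-credential check can be built without ever sending the password itself is the range-query (k-anonymity) scheme popularised by public breach-check services. The Python below is an added example, not code from the article or from any vendor: it simulates both sides locally over a constructed breach corpus. The client sends only the first five hex characters of the SHA-1 hash, the service returns every hash suffix it holds under that prefix, and the match is made on the client. The corpus, the occurrence counts, the email set, and all function names are assumptions.

```python
"""Range-query (k-anonymity) breach check over a constructed corpus.

Added example; not code from the article or from any breach-check vendor.
The SHA-1 / 5-character-prefix split follows the scheme popularised by
public password-breach APIs; the corpus and counts below are constructed.
"""
import hashlib
from collections import defaultdict

# Constructed set of 'leaked' passwords with made-up occurrence counts.
LEAKED_PASSWORDS = {
    "12345678": 9000,
    "password123": 5000,
    "letmein": 700,
    "Summer2023!": 12,
}

# Constructed set of addresses seen in breaches.  The index stores only the
# SHA-256 of the lower-cased address, so it never holds plaintext emails.
LEAKED_EMAILS = {"cfo@example.com", "ops@example.com"}

HEX_DIGITS = set("0123456789ABCDEF")


def sha1_hex(text):
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()


def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def build_password_index(leaked):
    """Service side: map a 5-char hash prefix -> {35-char suffix: count}."""
    index = defaultdict(dict)
    for password, count in leaked.items():
        digest = sha1_hex(password)
        index[digest[:5]][digest[5:]] = count
    return index


PASSWORD_INDEX = build_password_index(LEAKED_PASSWORDS)
EMAIL_INDEX = {sha256_hex(e.lower()) for e in LEAKED_EMAILS}


def range_query(prefix):
    """Service side: return 'SUFFIX:COUNT' lines for one prefix.

    The service learns only the prefix.  Every prefix covers a large slice of
    all possible hashes, so the service cannot tell which password was checked.
    """
    if len(prefix) != 5 or not set(prefix) <= HEX_DIGITS:
        raise ValueError("prefix must be 5 upper-case hex characters")
    return [f"{suffix}:{count}"
            for suffix, count in sorted(PASSWORD_INDEX.get(prefix, {}).items())]


def password_breach_count(password, query=range_query):
    """Client side: hash locally, send the prefix only, match the suffix locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in query(prefix):
        candidate, count = line.split(":")
        if candidate == suffix:
            return int(count)
    return 0


def email_is_breached(email):
    """Look the normalised address up by its hash."""
    return sha256_hex(email.strip().lower()) in EMAIL_INDEX


def check_credentials(email, password):
    """Combine both checks into the kind of report a monitoring service sends."""
    email_hit = email_is_breached(email)
    count = password_breach_count(password)
    return {
        "email_breached": email_hit,
        "password_breach_count": count,
        "action": "rotate password and enable 2FA" if (email_hit or count) else "no known exposure",
    }


if __name__ == "__main__":
    print(check_credentials("CFO@example.com", "password123"))
    print(check_credentials("new.hire@example.com", "correct horse battery staple"))
```

The `query` parameter exists so the service call can be swapped for a real HTTP client or, as in the check below, for a spy that records what the client actually transmits; the only thing that ever leaves the client is the five-character prefix.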
Nation-state attackers are increasingly using sophisticated and diverse methods to steal login credentials. They harvest the stolen credentials and wait for the right moment to strike. As per Microsoft reports, credential theft is now at the top of the attack techniques used by nation-state cyber attackers over the past year. The only way to protect against these attackers is to apply the tips mentioned above and ensure that security teams successfully slow down credential theft attacks on critical infrastructure and keep important systems from getting locked.