
Credential theft and exploitation

How to protect yourself and your business.

There will be 4x more supply chain attacks in 2021*

Credential theft is a cybercrime involving the unlawful acquisition of an organisation’s or individual’s password(s) with the intent to access, abuse or exfiltrate critical data and information.

Often an early stage of a cyber-based attack, credential theft enables attackers to operate undetected throughout a network, reset passwords and wreak havoc within an organisation.

How credential theft occurs

Overall, cybercriminals have become increasingly sophisticated and specific when targeting organisations as well as their users.

Often, they work to identify the users and their device(s), providing access to an influx of sensitive and highly confidential data, such as financials.

Credential-based attacks open the door to more repeatable attacks, as they allow threat actors to assume the identity of an individual who is authorised to access the targeted data, making every attack an insider threat.

Common methods used by cybercriminals include Phishing, Malware, Brute Force Attacks, Exploiting Weak/Default credentials, Credential Stuffing and Exploiting Vulnerabilities.


The Risks

Cyber threats related to credential theft

The way credential theft is carried out, and how credentials are then used, can vary. Some of the threats worth being aware of include:

Phishing is an advanced social engineering attack that aims to entice the victim into voluntarily revealing sensitive information and depends on a specific narrative or image to present itself as legitimate. Cybercriminals use phishing to induce individuals to reveal personal information, such as passwords and credit card numbers.

A credential stuffing attack occurs when a cybercriminal uses a set of credentials to attempt to gain access to several accounts at once. This method is very effective, as almost two-thirds of internet users reuse their passwords.

Similar to credential stuffing, password spraying depends on a username rather than a full set of credentials. This method involves taking a verified username and inputting it into several accounts in combination with common passwords. If a user doesn’t practise good password habits, most or all of their accounts can be jeopardised by guessing common passwords.


WHAT TO LOOK FOR

Detecting Credential Theft

Identifying credential theft attacks early and mitigating them in seconds is critical when working to protect sensitive data.

Detecting these kinds of patterns is error-prone and time-consuming, as it is often a manual effort without the right security tools.

Further, many tools that apply a basic anomaly detection approach to the problem inundate the system with false positives and thus add further operational overhead for the security team.

Advanced network traffic analysis tools that utilise a combination of machine learning approaches are currently available that can overcome many of these shortcomings and can autonomously hunt for credential theft.
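A minimal version of the pattern detection described above, as an added example (not Gridware's code or tooling): it flags a source address whose failed logins fan out across many distinct usernames within a short window, the trace that credential stuffing and password spraying leave in authentication logs, while ignoring a single user who mistypes a password. The log format, thresholds and sample events are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, source IP, username, outcome).
SAMPLE_EVENTS = [
    # One source failing against many accounts, then getting in.
    ("2021-06-01T09:00:00", "198.51.100.7", "alice", "fail"),
    ("2021-06-01T09:00:20", "198.51.100.7", "bob", "fail"),
    ("2021-06-01T09:00:40", "198.51.100.7", "carol", "fail"),
    ("2021-06-01T09:01:00", "198.51.100.7", "dave", "fail"),
    ("2021-06-01T09:01:20", "198.51.100.7", "erin", "success"),
    # One user mistyping a password: many failures, one account.
    ("2021-06-01T09:02:00", "203.0.113.9", "frank", "fail"),
    ("2021-06-01T09:02:10", "203.0.113.9", "frank", "fail"),
    ("2021-06-01T09:02:20", "203.0.113.9", "frank", "fail"),
    ("2021-06-01T09:02:30", "203.0.113.9", "frank", "fail"),
    ("2021-06-01T09:02:40", "203.0.113.9", "frank", "success"),
    # Shared office address: distinct users, but hours apart.
    ("2021-06-01T08:00:00", "192.0.2.44", "gina", "fail"),
    ("2021-06-01T08:40:00", "192.0.2.44", "hank", "fail"),
    ("2021-06-01T09:20:00", "192.0.2.44", "ivy", "fail"),
    ("2021-06-01T10:00:00", "192.0.2.44", "jack", "fail"),
]

def detect_fanout(events, window=timedelta(minutes=5), min_users=4):
    """Return {ip: {"targets": [...], "successes": [...]}} for sources whose
    failed logins reach min_users distinct usernames inside the window."""
    recent = defaultdict(deque)   # ip -> (time, user) failures still in window
    alerts = {}
    for raw_ts, ip, user, outcome in sorted(events):
        ts = datetime.fromisoformat(raw_ts)
        failures = recent[ip]
        while failures and ts - failures[0][0] > window:
            failures.popleft()    # expire failures older than the window
        if outcome == "fail":
            failures.append((ts, user))
            users = {u for _, u in failures}
            if len(users) >= min_users:
                alert = alerts.setdefault(ip, {"targets": set(), "successes": set()})
                alert["targets"] |= users
        elif ip in alerts and failures:
            # A success from a flagged, still-active source needs urgent review.
            alerts[ip]["successes"].add(user)
    return {ip: {k: sorted(v) for k, v in a.items()} for ip, a in alerts.items()}

if __name__ == "__main__":
    print(detect_fanout(SAMPLE_EVENTS))
```

Counting distinct usernames per source, rather than raw failures, is what keeps the mistyped-password case from raising an alert.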

ACTION PLAN

Our advice and recommendations

Consumers’ best protection against stolen credentials being used against them is to regularly change passwords and use multi-factor authentication wherever possible.

The latest on Ransomware

Gridware is proud to be a thought-leader in cybersecurity, creating and leading conversations in this space. Check out a selection of our published work from our Sydney based Cyber Defence Centre (CDC), and learn how our cyber expertise has led to partnerships with leading Australian Universities.

US Ban on Chinese Cars Raises Cybersecurity Concerns as Aussies Embrace BYD and MG

Gridware CEO Speaks to Al Jazeera as CrowdStrike Issues Root Cause of Major IT Outage

Investigation Underway for Major Data Breach Impacting Over 1 Million NSW Club Customers

Qantas App Glitch Exposes Personal Data as Users Accidentally Access Others’ Accounts

MediaWorks New Zealand Data Breach Exposes 2.4 Million

LockBit’s Back After Police Takedown

How Gridware can help

Security Assessments

As a provider of CREST-approved penetration testing as well as vulnerability assessment, social engineering and red teaming services, Redscan’s ethical hacking team has extensive experience of assessing organisations’ technology, personnel and processes against the latest attack techniques and helping organisations to address them.

Threat Detection

Detecting a supply chain attack quickly is the key to ensuring the damage isn’t irreversible. Firewalls and antivirus software are not enough to protect you against the latest threats. Our certified security professionals employ cutting-edge threat intelligence to hunt for malware and other cyber threats and help quickly shut them down.

Training & Awareness

Your users are your last line of defence. Educate them about the latest email threats, and ensure they understand their fraudulent nature and know how to report them to your security teams. Gridware security awareness training and phishing simulation provides all necessary tools to train your users to recognise and report phishing emails, which will prevent email fraud and data loss.

Protect your data

If threat actors take control of your data, there’s no need to pay a ransom or go through a difficult and tedious recovery process — if you have a strong, modern, easy-to-use backup solution. We offer superior backup solutions — on-premises or in the cloud — that make it simple and fast to restore an up-to-date copy of any file, whether you’re restoring an entire server or specifically selecting files to restore.
