Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims.
“These shifts suggest that threat actors have revalued credentials as a reliable and preferred initial access vector. As threat actors invest in infostealers to grow their credential repository, enterprises are pushed into a new defense landscape where identity can no longer be guaranteed,” wrote the X-Force report.
Organizations must focus on access control
The only way to prevent the use of valid credentials is to make sure that the person using the account is the person who was issued the credentials. This requires organizations to focus on access control to validate the identity of every user every time they access sensitive information.
Moving towards mobile credentialing
However, the traditional username and password credentials are easily used for cyber crimes. Hackers often break into accounts by figuring out the password using artificial intelligence (AI). Additionally, credentials are often sold on the dark web, making it very easy for a cyber criminal to use ..
Support the originator by clicking the read the rest link below.
