Immunize Your Organization Against the Growing Leaked Credentials Threats
By Michael Tan, VP of Sales, Asia Pacific and Japan
Stolen or leaked credentials are a severe risk to all organizations. Verizon's 2022 Data Breach Investigations Report (DBIR) found that over 60% of breaches involve compromised credentials, and that number rises to 80% of Web Application breaches. Cyber criminals are targeting organizations and users in an attempt to exfiltrate credentials so they can sell or share them on the dark web, paste sites and data dumps. These stolen credentials are then used for breaching organizations through social engineering, phishing, brute force attacks, account takeovers, or other methods, to gain unauthorized access to organizational systems and resources.
The Difficulty Defending Against Leaked Credentials
In an attempt to deal with this vulnerability, CISOs have been employing multiple security methodologies and controls. Despite the best attempts and invested resources, breaches continue to rise annually as hackers continue to target credentials.
With the dynamic nature and size of today’s IT environments, companies struggle to continuously validate their credentials against the mass of leaked credentials. With the proper credentials in hand, hackers appear to be authorized users and are very difficult to spot. The current process to validate against leaked credentials requires hours of manual work by security teams, who must test the validity of leaked credentials found online against their organization, and this cannot scale to the size of today’s organizations. Furthermore, credentials that are validated may also become relevant again at any future point, and manual methods can’t re-validate credentials continuously without a significant time investment.
An effective solution must take into account that company credentials are already available to hackers among the millions that already exist on the dark web and paste sites, and seek to validate security against these credentials. This action must be automated, consistent and continuous, to ensure its efficacy.
Securing the Organization Through Real Credential Testing
Pentera provides Credential Exposure, a module within its Automated Security Validation platform for combating the threat of leaked credentials. This module automatically locates and validates your organization against real stolen and compromised credentials found online and provides mitigation steps in case of an exposure.
The Credential Exposure module leverages hashed or cleartext credentials found on the dark web and paste sites in millions of attack vectors based on real-world hacker techniques. The module maps the internal and external attack surface to identify potential points of credential compromise. For a set domain, Pentera filters its threat intelligence credential bank down to the domain credentials applicable for validation. Credential Exposure proactively stuffs or relays credentials using various techniques to attempt to gain a foothold or privilege and allow the emulated attack vector to progress. Visibility and reporting enable security teams to initiate clear mitigation steps. These steps include password reset, hardening policies, and employee education in order to address and mitigate the credential exposures as instances are detected.
Organizations require a new solution. By continuously testing against real leaked credentials, companies can keep themselves safe from this growing threat.