Thursday, March 28, 2024

Possible credential attack vectors and ways to prevent credential based attacks

Password combined with username form credentials, nearly everything we do online require credentials in our modern world.

To be secure, you’re relied upon to give each of these accounts a solid, unique password that you change consistently and store such that attacker couldn’t make use of it if stolen. Furthermore, you should make a unique username too.

But in practical it is hard to remember username and password.Strong unique passwords are harder to create and to remember, researchers from Paloalto released a White paper on  Credential based attacks, which summarize the possible password attacks and defense mechanism we are to see here.

Stealing credential doesn’t require any technical skills, zero-day attack or to be an advanced persistent threat (APT) to empty a bank account, compromise a network, or cripple a company.

Just the right credentials, attackers even rent keyloggers, Trojans from darkweb to complete their job. Ppublically announced, high-profile breaches support the idea that stolen credentials are much more typical a reason for an effective attack than zero days or APTs.

Possible credential attack vectors and ways to prevent credential based attacks
Source PaloAlto Networks

How attackers steal Credentials

It’s is no big surprise, that these are the five essential systems that attackers use for stealing credentials.

  1. Social engineering.
  2. Phishing and spam.
  3. Reusing stolen passwords or shared credentials.
  4. Brute force.
  5. Security question reuse

Social Engineering

Social engineering refers to the strategy for influencing and convenience people to uncover
sensitive data to play out some malicious activity.

With the assistance of social designing traps, attackers can acquire confidential data, and get confidential information, authorization details and access details of people by deceiving and manipulating them.

Oxford English Dictionary refers Social Engineering as the use of deception to
manipulate individuals into divulging confidential or personal information that may be
used for fraudulent purposes.

Phishing and spam

Phishing is one of the most common methods of stealing the credentials, malicious links lead to websites that look the same as the legitimate site, and often use a similar URL with one or more typos.

The Victims who open malicious attachments, the malware itself will often employ a keylogger, which records every keystroke made and sends them to the attacker as shown.

Beyond simple keyloggers, attackers will also use a credential harvesting program, such as Mimikatz or gsecdump, to steal any additional credentials stored in memory on the device.

It doesn’t make a difference if yours is a 35-character arbitrary password with letters, numbers and developed characters or just “password”; once it’s stolen in this way.

Reusing stolen passwords or shared credentials

The attacker doesn’t simply take credentials to use for themselves any longer; they take them to sell that access to others.

In an expansion, it’s turning out to be increasingly basic for hackers to basically, present stolen passwords on the web for anybody to utilize.

The chief reason credentials have any monetary value is that most people rarely change them and often reuse passwords across multiple accounts. That means these credentials can remain valid for months or years.

Once attackers acquire credentials, they begin “credential stuffing”: putting as many
credentials as possible into as many sites as possible, to gain access to as many
accounts as possible, as quickly as possible.

Brute force

Bruteforce is simply a program tries every possible combination characters until the password is broken.

In some cases, the lack of strong passwords is the fault of the organization, when it doesn’t enforce the use of strong passwords and instead allows accounts to have weak passwords.

There are software programs to both help create and store strong, unique passwords, which have gone far in securing accounts for those who use them.

In any case, they aren’t perfect and can be prime focuses for hackers; one of these projects, LastPass, was itself hacked in 2015, with client account data stolen.

Security question reuse

Security questions have settled in, turning into a layer of validation in addition to, or rather than, passwords.Security questions are an almost feature of account recovery capabilities.

If you’ve ever lost or overlooked a username or, particularly, a password, chances are you’ve needed to answer a security question to reset or recover your username and password.

Unfortunately, security questions are a weak lack of Authentication.

  • To begin with, it’s a similar class of authentication factor as passwords: something you need to know.
  • Second, security questions tend to ask questions whose answers attackers can
    gather from online research, especially in an era of social media. Typical security
    questions are predictable and their answers, easy to research.

Since security inquiries are intended to be simple things for individuals to recall,
it additionally tends to make them static, similar to school mascots or attendance dates, and essential occasions or individuals in a man’s life, making them much more prone to be
archived on the web.

What attackers can do with Passwords

With stolen credentials grant attackers the power to do everything and access everything the legitimate user can.

Some ransomware attackers, such as those behind Samsa, also rely on stolen credentials to
gain access, move laterally and then encrypt only the most valuable data.

There are also some other ways attacker use stolen credentials.

Remote Access – Attackers can use stolen credentials to gain remote
entry into networks using Virtual Private Networks (VPN) and Remote Access
Protocols, like RDP and VNC.

Lateral Movement – Stolen credentials (especially domain admin
credentials) are a massive benefit to attackers who need deeper penetration
into a network.

Cloud Access – Cloud services are often defended only by user credentials,
and the data inside them is invaluable, especially as organizations move more
and more information off-premises and into the cloud.

Countermeasures

Prevention theft can be avoided by focusing the following areas.

  • Password need to be changed frequently and used should be blocked with a number of attempts.
  • It should be important to keep password lengthy, complex and don’t share your passwords.
  • An effective training to be conducted for employees, whereas effective background check and proper termination policy are important.
  • Instead of fixed password use TFA or 2FA for highly secured networks.
  • Phishing Emails need to be detected, hover the mouse cursor over the link to see the link type before clicking.
  • Secure all documents containing sensitive information.
  •  Don’t reveal your sensitive details over the telephone.

Conclusion

It is important to understand that technology alone cannot solve the problem of
credential theft, and that people and processes are critical elements in the defense
plan.

Organizations need to adopt and enforce processes as well as people-readiness
programs to ensure a complete approach to defending against these attacks.

It is essential to perceive that a comprehensive defense approach is required and that organizations should be set up to shield against these risk.

Also Read

Website

Latest articles

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...

ZENHAMMER – First Rowhammer Attack Impacting Zen-based AMD Platforms

Despite AMD's growing market share with Zen CPUs, Rowhammer attacks were absent due to...

Airbus to Acquire INFODAS to Strengthen its Cybersecurity Portfolio

Airbus Defence and Space plans to acquire INFODAS, a leading cybersecurity and IT solutions...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles