2024-02-15

An Emphasis on the Value of Your Credentials

Level: Strategic | Source: Cisco Talos | Global

Underscoring the crucial need to secure account credentials, Cisco Talos manager Hazel Burton reports a stark shift in strategy, with threat actors relying on compromised credentials to initiate their attacks. Alarmingly, the use of valid accounts ranked as the second-most common technique observed by Talos in its threat telemetry for 2023, indicating its widespread adoption by malicious actors. "26% of all Cisco Talos Incident Response engagements last year involved the use of valid accounts," Burton reports.

Compromised credentials are a lucrative commodity for cybercriminals, with the dark web serving as a marketplace for their trade. High-privileged accounts fetch considerable prices, incentivizing attackers to target individuals with access to critical resources. According to Cisco Talos's telemetry, 36% "of malicious tooling was also focused on accessing and collecting credentials."

Moreover, the evolving nature of work practices, such as remote access and cloud solutions, has shifted attackers' focus towards exploiting user credentials rather than traditional vulnerabilities. As organizations adapt to remote work trends, the importance of robust authentication measures, including multi-factor authentication (MFA), becomes paramount in thwarting unauthorized access attempts. "Most companies think that cyber attacks will come from “the outside in.” Attacks that use valid accounts to log on take more of an “inside-out” approach," Burton explains.

Talos identifies a range of tactics employed by threat actors to obtain and exploit credentials, including phishing, input capture, and brute force attacks. These methods underscore the multifaceted nature of identity-related attacks, encompassing both technological vulnerabilities and human susceptibility to manipulation. To mitigate such risks, Talos recommends a comprehensive security approach, including access restriction, MFA implementation, routine auditing, and a zero-trust architecture.

Implementing MFA is often vital as a measure to stop adversary attacks. A prior report by Cisco Talos outlined the value of MFA, noting that its implementation alone could have deterred ransomware attacks.
