The cybersecurity threat landscape is always evolving, and organizations need to stay on top of its developments to be better prepared to ward off attackers lurking in the shadows. Attackers employ various techniques to break into an organization's network, causing significant monetary and reputation losses. In this blog, we'll discuss two techniques that, when executed successfully, can cause irreparable damage to an organization.
Credential stuffing is an attack in which adversaries take username and password pairs stolen in earlier breaches (or bought from whoever stole them) and replay them, using automated bots, against the login pages of other services. According to F5's 2021 Credential Stuffing Report, such incidents nearly doubled between 2016 and 2020.
Credential stuffing is often confused with a brute-force attack. The difference is that instead of trying every possible password for an account, credential stuffing submits credentials that real users actually chose, taken from a previous breach. Each attempt is therefore far more likely to succeed than a blind guess, and because the attacker usually tries only one or two passwords per account, the activity is also less likely to trip per-account lockout thresholds.
Credentials from breached databases are routinely sold on hacker forums and the dark web, so an attacker willing to pay can obtain millions of them with little effort. The attacker then uses botnets and other automated tools to stuff those credentials into the login pages of many websites. Credential stuffing relies on the fact that users tend to reuse passwords across services: a user who signed up for a previously breached site with the same username and password they use on the targeted site is the one who falls victim.
There are a few telltale signs that indicate a credential stuffing attack has been executed.
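One way to make the difference between credential stuffing and brute force concrete is to look at failed logins per source address. Below is an added example (not code from the original post or from Log360) that runs two simple rules over a constructed login log: a source that fails against many distinct usernames in a short window is walking a breached list, while a source that fails repeatedly against one username is guessing passwords. The log format, field names and thresholds are assumptions chosen for illustration.

```python
"""Telling credential stuffing apart from brute force in login logs.

Added example, not code from the original post or from Log360. The log
format, field names and thresholds are assumptions chosen for
illustration; adapt them to the authentication logs you actually have.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "<ISO timestamp> <source IP> <username> <OK|FAIL>".
# 203.0.113.7 replays a breached list (many users, one hit), 198.51.100.9
# hammers a single account, 192.0.2.5 is a user who mistyped once.
SAMPLE_LOG = """\
2021-06-01T10:00:00 203.0.113.7 alice FAIL
2021-06-01T10:00:01 203.0.113.7 bob FAIL
2021-06-01T10:00:01 203.0.113.7 carol FAIL
2021-06-01T10:00:02 203.0.113.7 dave OK
2021-06-01T10:00:02 203.0.113.7 erin FAIL
2021-06-01T10:00:03 203.0.113.7 frank FAIL
2021-06-01T10:00:03 203.0.113.7 grace FAIL
2021-06-01T10:00:04 203.0.113.7 heidi FAIL
2021-06-01T10:00:00 198.51.100.9 carol FAIL
2021-06-01T10:00:05 198.51.100.9 carol FAIL
2021-06-01T10:00:10 198.51.100.9 carol FAIL
2021-06-01T10:00:15 198.51.100.9 carol FAIL
2021-06-01T10:00:20 198.51.100.9 carol FAIL
2021-06-01T10:00:25 198.51.100.9 carol FAIL
2021-06-01T10:01:00 192.0.2.5 alice FAIL
2021-06-01T10:01:10 192.0.2.5 alice OK
"""


def parse(log_text):
    """Turn the sample format into (timestamp, ip, username, succeeded) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return events


def classify_sources(events, window=timedelta(minutes=5),
                     min_failures=5, min_users=5):
    """Return {source_ip: verdict} for every source that trips a rule.

    credential_stuffing: at least min_failures failed logins spread over at
        least min_users distinct usernames inside one window, i.e. one
        source walking a username:password list (a success or two in the
        middle is expected and does not clear the source).
    brute_force: at least min_failures failures against one username inside
        one window, i.e. one source guessing passwords for a single account.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))
    verdicts = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        for i, (start, _, _) in enumerate(attempts):
            in_window = [a for a in attempts[i:] if a[0] - start <= window]
            failed_users = [user for _, user, ok in in_window if not ok]
            if len(failed_users) < min_failures:
                continue
            distinct = len(set(failed_users))
            if distinct >= min_users:
                verdicts[ip] = "credential_stuffing"
            elif distinct == 1:
                verdicts[ip] = "brute_force"
            if ip in verdicts:
                break
    return verdicts


def compromised_accounts(events, verdicts=None):
    """Usernames that logged in successfully from a credential stuffing source.

    These are the accounts whose reused password was valid here too: they
    need a forced reset, and their sessions are the likely starting point
    for whatever the attacker does next inside the network.
    """
    if verdicts is None:
        verdicts = classify_sources(events)
    stuffing_ips = {ip for ip, v in verdicts.items() if v == "credential_stuffing"}
    return {user for _, ip, user, ok in events if ok and ip in stuffing_ips}


if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    print(classify_sources(parsed))
    print(compromised_accounts(parsed))
```

The accounts returned by compromised_accounts are the ones to reset first: a successful hit from a stuffing source means that user's password was reused from the breached site, and that session is where the attacker's next steps will start.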
A successful credential stuffing attack is rarely the end of the story; the compromised account often becomes the foothold for lateral movement. Let's take a look at lateral movement in detail.
Lateral movement is the technique attackers use to move from the system they first compromised to other systems in the network, hunting for vulnerabilities and escalating privileges as they go. It gives the attacker a map of the internal network and helps them identify the targets that matter for a full-scale attack on the organization.
The attacker first compromises an account and gains a foothold in the organization's network, whether through phishing, credential stuffing, brute force, or a similar technique. Once inside, they attempt to break into other systems, for instance by deploying keyloggers or phishing other users into disclosing their credentials. They keep traversing the network until they reach their ultimate goal, typically domain administrator privileges, which give them complete control over the domain and therefore over the organization's network.
The account that is compromised first is usually a low-privilege account with which the attacker can achieve little on its own, so they must move on to accounts with higher privileges before they can do real damage to the organization.
Detecting lateral movement is difficult because much of it looks like normal network activity, but here are a few things to keep in mind.
Cyberattacks are a harsh reality, and attackers will keep finding new ways to breach organizations; credential stuffing and lateral movement are just the tip of the iceberg. With a proper security and log management solution such as Log360 in place, organizations can monitor for these attacks and harden their network against them.
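Because individual logons look legitimate, lateral movement is usually caught by correlating logons per account rather than inspecting them one at a time. Below is an added example (not code from the original post or from Log360) that runs three heuristics over a constructed set of successful logon events: pairs of account and target host never seen before, one account fanning out to many hosts in a short window, and the pivot pattern of logging on from a host the account only just reached. The event layout loosely follows the fields of a Windows 4624 logon event, but the sample, host names, baseline and thresholds are all assumptions.

```python
"""Three lateral movement heuristics run over successful logon events.

Added example, not code from the original post or from Log360. The event
layout loosely follows the fields of a Windows 4624 logon event (account,
source workstation, target host, logon type), but the sample, the host
names, the baseline and the thresholds are all constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Logon types that mean "came in from another machine": 3 = network
# (SMB/WMI/PsExec style), 10 = RemoteInteractive (RDP). Type 2 is a local
# console logon and is not a hop on its own.
REMOTE_TYPES = {3, 10}

# Constructed sample: "<ISO timestamp> <account> <source host> <target host> <logon type>".
# jsmith normally touches WS-12 and FILESRV-1; at 13:00 the account starts
# reaching workstations and servers it never used, then pivots from WS-27
# to a domain controller. backup_svc fans out every day and is baselined.
SAMPLE_LOGONS = """\
2021-06-01T09:00:00 jsmith WS-12 WS-12 2
2021-06-01T09:05:00 jsmith WS-12 FILESRV-1 3
2021-06-01T09:10:00 backup_svc BKP-1 FILESRV-1 3
2021-06-01T09:10:05 backup_svc BKP-1 FILESRV-2 3
2021-06-01T09:10:09 backup_svc BKP-1 FILESRV-3 3
2021-06-01T13:00:00 jsmith WS-12 WS-27 3
2021-06-01T13:00:20 jsmith WS-12 WS-31 3
2021-06-01T13:00:45 jsmith WS-12 WS-44 3
2021-06-01T13:01:10 jsmith WS-12 SQL-2 3
2021-06-01T13:02:00 jsmith WS-27 DC-1 10
"""

# Constructed baseline: (account, target) pairs seen during a learning period.
BASELINE = {
    ("jsmith", "WS-12"), ("jsmith", "FILESRV-1"),
    ("backup_svc", "FILESRV-1"), ("backup_svc", "FILESRV-2"),
    ("backup_svc", "FILESRV-3"),
}


def parse(log_text):
    """Turn the sample format into time-ordered event dicts."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, account, source, target, ltype = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "account": account,
                       "source": source, "target": target, "type": int(ltype)})
    return sorted(events, key=lambda e: e["ts"])


def new_pairs(events, baseline):
    """(account, target) pairs the account has never been seen logging on to."""
    return {(e["account"], e["target"]) for e in events} - baseline


def fan_out(events, window=timedelta(minutes=10), min_targets=4):
    """Accounts that reach >= min_targets distinct hosts by remote logon in one window.

    Returns {account: set_of_targets}. Service accounts that legitimately
    fan out should be handled by the baseline or an allow list, not by
    raising the threshold for everyone.
    """
    by_account = defaultdict(list)
    for e in events:
        if e["type"] in REMOTE_TYPES:
            by_account[e["account"]].append(e)
    hits = {}
    for account, evs in by_account.items():
        for i, first in enumerate(evs):
            targets = {e["target"] for e in evs[i:] if e["ts"] - first["ts"] <= window}
            if len(targets) >= min_targets:
                hits[account] = targets
                break
    return hits


def hop_chains(events):
    """Pivots: a remote logon whose source is a host the account reached remotely before.

    Returns [(account, source, target), ...]. A user logging on from their
    own workstation to many places is fan-out; logging on from a host they
    only just got into is the signature of hopping deeper.
    """
    reached = defaultdict(set)
    hops = []
    for e in events:
        if e["type"] not in REMOTE_TYPES:
            continue
        if e["source"] in reached[e["account"]] and e["source"] != e["target"]:
            hops.append((e["account"], e["source"], e["target"]))
        reached[e["account"]].add(e["target"])
    return hops


if __name__ == "__main__":
    evs = parse(SAMPLE_LOGONS)
    print("new pairs:", sorted(new_pairs(evs, BASELINE)))
    print("fan-out:", fan_out(evs))
    print("hops:", hop_chains(evs))
```

The baseline is what keeps the noisy backup account out of the alerts: its fan-out is identical every day, so it never produces a new pair, while jsmith's jump to five unfamiliar hosts and the pivot from WS-27 to DC-1 trip all three rules at once. In practice the baseline would be built from several weeks of real logon history rather than a hand-written set.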
Check out Log360's fully functional, 30-day, free trial now to start protecting your network.
© 2021 Zoho Corporation Pvt. Ltd. All rights reserved.