Cybercriminals reusing stolen credentials on the rise: research
Digital Shadows highlights the growing risk of account takeovers and the low barrier to entry to automate attacks
Cybercriminals are reusing password and username credentials to target enterprise security, in particular in the gaming, technology, broadcasting and retail sectors.
Digital Shadows outlined the different techniques cybercriminals use to attack organisations in its latest report, titled ‘Protect Your Customer and Employee Accounts: 7 Ways to Mitigate the Growing Risks of Account Takeovers’.
The research highlighted that cybercriminals are increasingly turning to credential stuffing tools to automate attempts at account takeover. This is a type of brute force attack whereby large sets of credentials are automatically inserted into login pages until a match with an existing account is found.
Rick Holland, VP Strategy at Digital Shadows, said: "Many organisations are suffering breach fatigue due to the huge numbers of credentials exposed via not only high profile incidents like those suffered by Myspace, LinkedIn and Dropbox, but also from tens of thousands of smaller breaches.
"But it is critical that businesses arm themselves with the necessary intelligence and insight to manage their digital risk and prevent this problem credential exposure from escalating into an even more severe problem."
The report also stresses that whilst multi-factor authentication can further protect organisations, it is not the only solution. Digital Shadows advises increasing user awareness, deploying an inline Web Application Firewall or monitoring email domains.
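Credential stuffing as described above leaves a recognisable trace in authentication logs: one source trying many different usernames, about once each, with nearly all attempts failing. The following is an added example, not taken from the Digital Shadows report, that flags that pattern in constructed log lines; the log format, function names and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample log, assumed format: "<timestamp> <source_ip> <username> <OK|FAIL>"
SAMPLE_LOG = [
    # one source, eight different accounts, one attempt each: stuffing pattern
    *[f"2024-01-01T10:00:{i:02d}Z 203.0.113.7 user{i:02d} {'OK' if i == 5 else 'FAIL'}"
      for i in range(8)],
    # one source hammering a single account: classic brute force, not stuffing
    *[f"2024-01-01T10:01:{i:02d}Z 198.51.100.9 alice FAIL" for i in range(8)],
    # ordinary user mistyping a password once
    "2024-01-01T10:02:00Z 192.0.2.10 bob FAIL",
    "2024-01-01T10:02:09Z 192.0.2.10 bob OK",
    "garbage line",  # malformed input is skipped
]

def summarise(lines):
    """Group attempts by source IP: usernames tried, attempt count, accounts that got in."""
    stats = defaultdict(lambda: {"users": set(), "attempts": 0, "ok": set()})
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        _, ip, user, result = parts
        s = stats[ip]
        s["users"].add(user)
        s["attempts"] += 1
        if result == "OK":
            s["ok"].add(user)
    return stats

def flag_stuffing(lines, min_users=5, max_tries_per_user=2.0, min_fail_ratio=0.8):
    """Return {ip: accounts it logged in to} for sources matching the stuffing pattern."""
    flagged = {}
    for ip, s in summarise(lines).items():
        n_users = len(s["users"])
        tries_per_user = s["attempts"] / n_users
        fail_ratio = 1 - len(s["ok"]) / n_users  # share of tried accounts never entered
        if (n_users >= min_users and tries_per_user <= max_tries_per_user
                and fail_ratio >= min_fail_ratio):
            flagged[ip] = sorted(s["ok"])
    return flagged

if __name__ == "__main__":
    for ip, hits in flag_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: credential stuffing suspected; review accounts {hits}")
```

The accounts returned for a flagged source are the ones where a reused credential matched, so they are the first candidates for a forced password reset.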