Home / / Cybercriminals reusing stolen credentials on the rise; research

Cybercriminals reusing stolen credentials on the rise; research

Digital Shadows highlights the growing risk of account takeovers and the low barrier to entry to automate attacks

Cybercriminals reusing stolen credentials on the rise; research
Rick Holland, VP Strategy at Digital Shadows

Cybercriminals are reusing password and username credentials to target enterprise security, in particular in the gaming, technology, broadcasting and retail sectors.

Digital Shadows outlined the different techniques cybercriminals use to attack organisations in its latest report titled ‘Protect Your Customer and Employee Accounts: 7 Ways to Mitigate the Growing Risks of Account Takeovers".

The research highlighted that cybercriminals are increasingly turning to credential stuffing tools to automate attempts at account takeover. This is a type of brute force attack whereby large sets of credentials are automatically inserted into login pages until a match with an existing account is found.

Rick Holland, VP Strategy at Digital Shadows, said: "Many organisations are suffering breach fatigue due to the huge numbers of credentials exposed via not only high profile incidents like those suffered by Myspace, LinkedIn and Dropbox, but also from tens of thousands of smaller breaches.

"But it is critical that businesses arm themselves with the necessary intelligence and insight to manage their digital risk and prevent this problem credential exposure from escalating into an even more severe problem."

The report also stresses that whilst multi-factor authentication can further protect organisations it is not the only solution. Digital Shadows advises increasing user awareness, deploy an inline Web Application Firewall or monitor email domains.

Follow us to get the most comprehensive technology news in UAE delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.