Password reuse remains a major vulnerability in cybersecurity, with 53% of people admitting to reusing passwords. This practice makes it easier for hackers to gain access to multiple applications and systems once a single credential is exposed. Attacks often start with compromised credentials obtained through phishing, unsecured networks, malware-infected devices, or the use of common passwords. Hackers can crack hashed passwords and sell the information to other cybercriminals. Despite cybersecurity training, the practice persists because of human nature.
To mitigate the impact of compromised passwords, multi-factor authentication (MFA) is recommended. MFA adds an extra layer of security by requiring users to verify their login request with something beyond their password. However, a recent article by Dr. Renée Burton, Senior Director of Threat Intelligence for Infoblox, highlights how cybercriminals are undermining trust in MFA. Criminals have started targeting MFA services, using phishing attacks to intercept MFA codes and gain unauthorized access. Infoblox has developed custom algorithms to detect MFA-lookalike domains and has observed a rise in attacks since June 2022.
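The lookalike-domain detection mentioned above can be approximated with a simple heuristic run over DNS query logs. The following is an added example, not Infoblox's algorithm or code: it flags registrable names that embed MFA vendor or verification keywords, or that sit one edit away from a vendor brand, while allowlisting the vendors' real domains. The log format, allowlist, keyword lists and sample log lines are all constructed assumptions.

```python
import re
# Constructed sample DNS query log (not real traffic); the line format is assumed.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z client=10.0.0.5 query=login.okta.com type=A
2024-03-01T10:00:02Z client=10.0.0.5 query=okta-mfa-verify.example type=A
2024-03-01T10:00:04Z client=10.0.0.7 query=okta-mfa.net type=A
2024-03-01T10:00:05Z client=10.0.0.9 query=mail.corp.example type=A
2024-03-01T10:00:06Z client=10.0.0.9 query=oktta.com type=A
"""
# Assumed allowlist of legitimate MFA/IdP registered domains; extend for your environment.
ALLOWLIST = {"okta.com", "duosecurity.com", "duo.com", "microsoftonline.com", "authy.com"}
# Words that, inside a registrable label, suggest an MFA-themed lure (heuristic, assumed).
MFA_TOKENS = ("mfa", "2fa", "okta", "duo", "authenticator", "authy", "verify")
BRANDS = ("okta", "duo", "authy")
LOG_RE = re.compile(r"client=(\S+) query=(\S+)")

def registered_domain(host):
    """Naive eTLD+1 (last two labels); use a public-suffix list in production."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def levenshtein(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_mfa_lookalike(host):
    """Return the reasons a name looks like an MFA lure, or None if it is clean."""
    reg = registered_domain(host)
    if reg in ALLOWLIST:          # real vendor domain, any subdomain
        return None
    label = reg.split(".")[0]
    reasons = [f"contains '{t}'" for t in MFA_TOKENS if t in label]
    # A one-edit variant of a brand name (dropped or doubled letter) is a classic typosquat.
    reasons += [f"typosquat of '{b}'" for b in BRANDS if label != b and levenshtein(label, b) == 1]
    return reasons or None

def scan_dns_log(lines):
    """Return (client, queried name, reasons) for every suspicious query in the log."""
    hits = []
    for m in filter(None, map(LOG_RE.search, lines)):
        client, name = m.groups()
        reasons = is_mfa_lookalike(name)
        if reasons:
            hits.append((client, name, reasons))
    return hits
```

Running `scan_dns_log(SAMPLE_LOG.splitlines())` flags three of the five sample queries; the allowlisted vendor subdomain and the unrelated internal host are left alone.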
The article also shares a case where a company called Retool fell victim to a spear smishing attack, compromising their MFA authentication and Google's MFA synchronization. This incident emphasizes the need for users to be vigilant and for the security industry to continuously improve its ability to detect and thwart these attacks.
According to a recent report by IBM, cybercriminals are increasingly exploiting user identities to compromise enterprises. The 2024 X-Force Threat Intelligence Index reveals an emerging global identity crisis, with cybercriminals exploiting valid accounts to gain unauthorized access. In 2023, there was a 71% spike in cyberattacks caused by exploiting identity, highlighting the prevalence of this attack vector. The report also highlights that nearly 70% of attacks globally targeted critical infrastructure, which could have been mitigated with patching, multi-factor authentication, or least-privilege principles. Ransomware attacks on enterprises dropped by nearly 12% as larger organizations opt against paying and decrypting.
The X-Force analysis projects that when a single generative AI technology approaches 50% market share or when the market consolidates to three or fewer technologies, it could trigger at-scale attacks against these platforms. Exploiting valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the Dark Web. Major incidents caused by attackers using valid accounts were associated with nearly 200% more complex response measures by security teams than the average incident. The report also notes a 100% increase in 'kerberoasting' attacks, where attackers attempt to impersonate users to escalate privileges by abusing Microsoft Active Directory tickets. Security misconfigurations accounted for 30% of total exposures identified.