November 28, 2023 at 06:24AM
Account credentials are highly valuable in cybercrime, with stolen credentials posing a significant risk to organizations. External parties are responsible for 83% of breaches, with 49% involving stolen credentials. Phishing is a common method of credential theft, with threat actors using multi-channel attacks and targeting mobile devices. Phishing-as-a-service (PhaaS) has made it easier for novices to launch attacks. Advanced phishing tools, such as W3LL’s Panel and Greatness, have been used to compromise Microsoft 365 accounts. Stolen credentials are sold on the Dark Web, and password reuse across multiple accounts increases the risks. Financial gain is the primary motivation for credential theft, with threat actors selling stolen credentials on underground forums. Implementing measures like blocking compromised passwords can help secure user credentials.
Key takeaways from the meeting notes:
1. Stolen account credentials pose a significant risk to organizations’ network security, with external parties responsible for a majority of breaches.
2. Phishing, particularly through social engineering techniques, is a common method for compromising credentials, with increasing sophistication and use of multiple channels.
3. Phishing-as-a-service (PhaaS) has made it easier for threat actors to conduct credential theft, even for those without technical skills.
4. Advanced phishing tools, such as W3LL’s BEC phishing kit and Greatness phishing kit, have been used to target Microsoft 365 accounts and bypass multi-factor authentication (MFA).
5. The underground market for stolen credentials is thriving, with billions of credentials for sale on the Dark Web, and prices varying depending on the account type.
6. End-users using stolen credentials and reusing passwords across multiple accounts further compound the risks.
7. Financial gain remains the main motivation behind credential theft, with threat actors selling stolen credentials for profit to other actors who may use them later.
8. Organizations can enhance credential security by implementing measures such as blocking compromised passwords and enforcing stronger password policies.
Note: Please note that some specific details, such as percentages and specific tools, are missing or incomplete in the meeting notes.