Five Steps to Mitigate the Risk of Credential Exposure

Credential exposure is one of the major reasons for cyber security breaches. A recent report states that 1.5 billion credentials and 4.6 billion personally identifiable information (PII) assets were exposed to cybercriminals in 2020.

Risk of credential exposure

The Global Password Security Report suggests that 50% of people reuse the same passwords across personal and work accounts. Credential exposure can cause severe damage to a company’s data privacy and lead to financial, legal, or reputational consequences. Cybercriminals use credential stuffing, account takeover, brute force, and password spraying to access vulnerable accounts and passwords.

Recently, a credential stuffing attack attempted to expose 5,500 Canada Revenue Agency (CRA) accounts. Similarly, General Motors faced a credential stuffing attack that exposed some of its customers' credentials in order to redeem gift card points.

How CISOs can mitigate the risk of credential exposure

Verizon’s data breach investigations report of 2022 points out that over 60% of breaches happen due to compromised credentials. Cybercriminals use sophisticated tactics like social engineering to gain unauthorized access to an organization’s systems and data. CISOs must stay a step ahead of criminals to mitigate credential exposure. 

Here are 5 key steps that organizations can implement to safeguard against credential exposure:

1. Analyzing weak links

Risk analysis to identify the weak links can help strengthen the company’s credentials. Security teams should analyze their risks by:

  • Checking which credentials allow access to the organization's externally exposed assets (such as web services and databases).

  • Trying to crack the captured passwords and changing the ones that are not strong enough.

  • Checking if employees are using the same password patterns, which might be easy to crack. If so, educate the team on creating strong and different passwords while using password managers to manage them.

2. Multi-factor authentication

Implementing multi-factor authentication (MFA) can help strengthen credential security with biometrics, Google Authenticator, and fingerprint authentication, among other robust mechanisms. MFA can also help administrators keep track of sensitive platforms, so they remain in the loop whenever an unauthorized party attempts to gain, or gains, access to systems.

3. Implementing captcha authentication

Cyberattacks like credential stuffing are carried out with a bot. Adding a captcha can help mitigate these risks. Captcha helps the system identify bots and hence prevent incidents of credential stuffing proactively. It is a mechanism to ensure only humans with the correct password gain access to services or assets. 
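One way to decide when a login form should present a captcha, shown as an added example that is not code from the original article: a per-source sliding window over failed logins that separates credential stuffing (many usernames, few attempts each) from brute force (one username, many attempts). The thresholds, the `LoginGate` class and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60      # assumed look-back window
MAX_DISTINCT_USERS = 5   # assumed: distinct usernames failed by one source
MAX_FAILS_PER_USER = 5   # assumed: failures against a single username

class LoginGate:
    """Tracks recent failed logins per source and says when to challenge."""

    def __init__(self):
        self._fails = defaultdict(deque)  # source -> deque of (ts, username)

    def observe(self, ts, source, username, success):
        """Record one attempt; return the decision for this source's next try."""
        window = self._fails[source]
        if not success:
            window.append((ts, username))
        while window and ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()  # forget failures older than the window
        per_user = defaultdict(int)
        for _, user in window:
            per_user[user] += 1
        if len(per_user) >= MAX_DISTINCT_USERS:
            return "captcha:credential_stuffing"
        if per_user and max(per_user.values()) >= MAX_FAILS_PER_USER:
            return "captcha:brute_force"
        return "allow"

def replay(events):
    """Feed (ts, source, username, success) events; keep first non-allow verdict."""
    gate, verdicts = LoginGate(), {}
    for ts, source, user, ok in events:
        decision = gate.observe(ts, source, user, ok)
        if verdicts.get(source, "allow") == "allow":
            verdicts[source] = decision
    return verdicts

# Constructed sample events (documentation IP ranges, made-up usernames).
SAMPLE = (
    [(t, "203.0.113.7", f"user{t:02d}", False) for t in range(8)]      # bot
    + [(10, "198.51.100.20", "alice", False),                          # typo
       (15, "198.51.100.20", "alice", False),
       (20, "198.51.100.20", "alice", True)]
    + [(30 + t, "192.0.2.9", "admin", False) for t in range(6)]        # guessing
)

if __name__ == "__main__":
    for source, verdict in replay(SAMPLE).items():
        print(source, "->", verdict)
```

A per-source counter does not see an attack spread thinly across many addresses, so a counter of failures per username across all sources is a useful companion.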

4. Regularly updating security processes

With every advancement in technology, cyberattack techniques also evolve. So, it is important for organizations to regularly evaluate the security processes and upgrade them to prevent breaches. Training employees to maintain credential hygiene is a key aspect of mitigating the risk of credential exposure.

5. Gather leaked credentials data to mitigate the risk

A new password can be checked against a list of commonly used, known, or previously breached passwords using various platforms. Such platforms implement a k-anonymity model that allows a password to be searched via a partial hash. 
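The partial-hash lookup described above, as an added example that is not code from the original article: the client sends only the first five hex characters of the password's SHA-1 digest and matches the remainder locally, so the service never sees the password or its full hash. The SHA-1 digest and five-character prefix follow the convention of the public Pwned Passwords range API; the in-memory corpus and the `range_query` function are constructed stand-ins so the block runs offline.

```python
import hashlib

PREFIX_LEN = 5  # hex characters of the SHA-1 digest that leave the client

def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

# Constructed breach corpus (password -> times seen), standing in for the
# data set a real service would hold. Not real breach data.
BREACHED = {"password": 9_500_000, "Summer2020!": 1_204, "qwerty123": 310_000}

def build_index(corpus):
    """Service side: bucket every breached hash under its 5-character prefix."""
    index = {}
    for pw, seen in corpus.items():
        digest = sha1_hex(pw)
        index.setdefault(digest[:PREFIX_LEN], []).append((digest[PREFIX_LEN:], seen))
    return index

INDEX = build_index(BREACHED)
requests_seen = []  # everything the simulated service learns about queries

def range_query(prefix: str) -> str:
    """Hypothetical stand-in for the remote endpoint: 'SUFFIX:COUNT' lines."""
    requests_seen.append(prefix)
    return "\n".join(f"{suffix}:{seen}" for suffix, seen in INDEX.get(prefix, []))

def breach_count(password: str, query=range_query) -> int:
    """Client side: send only the prefix, match the suffix locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    for line in query(prefix).splitlines():
        candidate, sep, seen = line.strip().partition(":")
        if sep and candidate.upper() == suffix and seen.isdigit():
            return int(seen)
    return 0  # not in the corpus (or malformed response line)

def acceptable_new_password(password: str) -> bool:
    """Policy hook for a password-change form: reject anything seen in a breach."""
    return breach_count(password) == 0

if __name__ == "__main__":
    for pw in ("password", "Summer2020!", "v7#Lq-tram-okapi-92"):
        print(f"{pw!r}: seen {breach_count(pw)} times")
    print("prefixes sent to the service:", requests_seen)
```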

Security teams should collect the leaked credentials data, analyze their sensitivity, and take action such as erasing inactive leaked accounts or changing passwords for active users from an Active Directory that has been leaked. Once this is done, follow the above steps to ensure that such credential exposure is not repeated in the future.

As attackers adopt newer techniques, keeping a company's security measures up to date becomes even more important. Hence, security should never be considered a one-time effort. Rather, it should be a continuous, organic activity aimed at ensuring the security infrastructure of a company is equipped to handle today’s highly dynamic threat landscape.

Conclusion

Some of the large-scale security breaches over the years can be attributed to credential exposures, including Sony’s data breach affecting 93,000 customers, the exposure of over 450,000 Yahoo email addresses and passwords, and the JP Morgan corporate credential breach that happened through a third-party site.

Such incidents have only increased in the past few years. The number of credential exposure cases doubled between 2016 and 2020. A recent report identifies credential stuffing as one of the foremost threats that companies face. Despite the lurking threat of credential exposure, the report also states that industry behaviours around passwords are rather poor, with plaintext password storage responsible for most incidents.

At Packetlabs, we help enterprises strengthen their security and mitigate risks like credential exposure. Contact us today to learn more about our services and how we can help create robust security infrastructure for your company.