INTELLIGENT BRANDS // Enterprise Security
Digital Shadows research reveals
password and username reuse is
major threat to enterprise security
Digital risk management
company Digital Shadows has
unveiled research into some of
the main techniques cybercriminals
use to target organisations with
stolen credentials that have been
reused across a variety of sites and
online forums.
The report ‘Protect Your Customer
and Employee Accounts: 7 Ways To
Mitigate The Growing Risks Of Account
Takeovers’ also outlines what measures
organisations can implement to protect
against such attacks.
The research reveals that cybercriminals
are increasingly turning to credential
stuffing tools to automate attempts at
account takeover. This is a type of brute
force attack where large sets of credentials
are automatically inserted into login pages
until a match with an existing account is
found. Based on configurations, the most
common targets for these attacks are the
gaming, technology, broadcasting and
retail sectors.
Last year Digital Shadows found that
97 per cent of businesses in the ‘Forbes
1000’ had their valuable credentials
exposed, usually by employees using
the same details across multiple sites
and platforms. Now criminals are
recognising that employees often have
poor username and password discipline
and are using these reused credentials
in mass automated credential stuffing
attacks aimed at gaining access to
corporate networks.
“Many organisations are suffering breach
fatigue due to the huge numbers of
credentials exposed via not only high
profile incidents like those suffered by
Myspace, LinkedIn and Dropbox, but
also from tens of thousands of smaller
breaches,” said Rick Holland, VP Strategy
at Digital Shadows. “But it is critical that
businesses arm themselves with the
necessary intelligence and insight to
manage their digital risk and prevent
this problem credential exposure from
escalating into an even more severe
problem.”
The report also suggests that while
multi-factor authentication (MFA) can
help to protect organisations and their
customers from account takeovers, it
cannot be seen as a silver bullet to solve
the problem of account takeovers.
“Enterprises - and the companies that
work for and with them - need to be
better prepared for this sort of brute
force attack,” added Holland.
INTELLIGENTCIO