Have you ever forgotten your password and been locked out of your account? It can be frustrating when it happens, but it’s for good reason. Approximately 43% of all online login attempts are malicious. However, hackers can sometimes successfully enter your account with your stolen credentials. This leads to credential abuse. Credential abuse can be difficult to detect because the hackers are using authorized accounts. It is especially damaging if hackers gain access to a privileged account, because they can then move more freely throughout your network.

[Image: credential abuse. Source: WeLiveSecurity]

What is Credential Abuse & How Does It Happen?

Credential abuse happens when hackers use illegally obtained accounts and passwords to access information or take over accounts. Once hackers gain access to your accounts, they either sell your information or credentials, deploy ransomware or take your data for other malicious reasons. They can obtain credentials through:

Dark Web: A lot of stolen data, such as data exposed in breaches, can be found on the dark web. Approximately 2.3 billion credentials were spilled last year alone. Hackers can also easily purchase credentials for as little as $3.

Keylogging: Keylogging captures and records a person’s keystrokes. Hackers use keylogging to find out people’s PIN codes, passwords and other important information. Oftentimes, victims are unaware that their actions are being tracked. Hackers can install keyloggers on victims’ smartphones and computers via malware or Trojans.

Phishing: Hackers phish for credentials by posing as someone you may know or a person with authority, such as a colleague or boss. They target individuals by sending them e-mails saying they need to update their accounts or change their passwords. These e-mails often look real, which makes it easy for someone to accidentally give out their information.

Once hackers gain access to your credentials, they validate the data by trying to log in. Bots are a common way for hackers to engage in credential abuse because they can test multiple usernames and passwords at high speed. Using bots or programs to generate a flood of login attempts is known as credential stuffing, and it costs businesses over $5 billion per year. Once hackers confirm the stolen credentials work, they can use that information against other accounts you may have, such as your online bank accounts and e-mail. Hackers use multiple IP addresses and proxy servers to hide their actions.

How to Protect Yourself

Awareness: Awareness is key to recognizing a cyber attack. When people are alert, they know what to look out for and avoid. Users should monitor their accounts for unusual activity such as multiple login attempts. Websites should be on the lookout for an unusual spike in traffic, which could potentially indicate a bot-driven credential abuse attack. The threat landscape is always changing, which means we must keep up to stop cyber criminals.

Changing passwords: Attackers can easily access accounts across multiple websites because people tend to use the same password. Users should regularly change their passwords and use different ones across their accounts.

Layered security: Since hackers are constantly trying to gain access into every entry point, it’s important to have multiple layers of security to make it harder for them to enter.

Use security information and event management (SIEM): You can’t determine user problems if you fail to keep track of the users in your network. With SIEM, you can track and record the activities happening in your IT environment. The SIEM then analyzes all these events to detect unusual behaviour and acts to stop it. At Jolera, our Secure I.T.™ solution provides various security services that are run through the SIEM to help improve overall security posture.
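
The login spike that the Awareness and SIEM points describe can be turned into a simple detection rule. The following is an added example, not Jolera's code or part of the original article: the log format, field names and thresholds are assumptions, and the sample events are constructed. It counts per time window rather than per source IP, because credential stuffing traffic is spread across many IP addresses and proxies.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events: ISO timestamp, source IP, username, outcome.
SAMPLE_LOG = """\
2024-05-01T10:00:05 198.51.100.7 alice success
2024-05-01T10:00:40 198.51.100.9 bob failure
2024-05-01T10:01:02 203.0.113.10 carol failure
2024-05-01T10:01:03 203.0.113.11 dave failure
2024-05-01T10:01:04 203.0.113.12 erin failure
2024-05-01T10:01:05 203.0.113.13 frank failure
2024-05-01T10:01:06 203.0.113.14 grace failure
2024-05-01T10:01:07 203.0.113.15 heidi success
2024-05-01T10:01:08 203.0.113.10 ivan failure
"""

def parse(log):
    """Yield (minute, ip, user, ok) from whitespace-separated log lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("success", "failure"):
            continue  # skip malformed lines instead of stopping the pipeline
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts.replace(second=0, microsecond=0), parts[1], parts[2], parts[3] == "success"

def detect_stuffing(log, min_failures=5, min_users=5, min_fail_ratio=0.8):
    """Flag one-minute windows with many failed logins spread over many accounts."""
    windows = defaultdict(lambda: {"users": set(), "ips": set(), "fails": 0, "total": 0, "hits": []})
    for minute, ip, user, ok in parse(log):
        w = windows[minute]
        w["total"] += 1
        w["ips"].add(ip)
        if ok:
            w["hits"].append(user)
        else:
            w["fails"] += 1
            w["users"].add(user)  # distinct accounts that saw a failed login
    alerts = []
    for minute, w in sorted(windows.items()):
        if (w["fails"] >= min_failures and len(w["users"]) >= min_users
                and w["fails"] / w["total"] >= min_fail_ratio):
            # A success inside a flagged window may be a validated stolen credential.
            alerts.append({"window": minute.isoformat(), "failures": w["fails"],
                           "source_ips": len(w["ips"]), "review_accounts": sorted(w["hits"])})
    return alerts
```

Accounts listed under `review_accounts` logged in successfully during a flagged window, so they are the first candidates for a forced password reset and session review.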