Hackers are targeting user credentials: Here’s how to stop them

Johannesburg, 31 May 2024
Prof Danny Myburgh is MD of Cyanre the Digital Forensic Lab and CyberCom Africa.

Cyber attacks are increasingly sophisticated, and malware is now easy for non-tech-savvy people to buy on the dark web. Yet within this complex cyber landscape, it’s easy for businesses to forget that compromised credentials remain the most prominent way hackers gain access to networks.

In fact, according to Crowdstrike’s 2022 Threat Hunting Report, malware-free activity accounts for a staggering 71% of all attacks. This shouldn’t come as a surprise. Another topic I frequently touch on is the human element in businesses. Your people can act as a human firewall – or they can be a soft target for hackers. It all comes down to how well they are educated and the cyber awareness culture in your organisation.

Credentials are easy pickings

Malicious actors know that obtaining credentials gives them unchallenged access to an organisation’s network without raising any red flags. Unfortunately, criminals are well-practised at using various underhanded techniques to steal them. Favourite tactics include social engineering and phishing attempts through e-mails, WhatsApp and social media. Often, this involves bombarding users with fake push notifications to give up their login passwords.

Having captured valid credentials, attackers can then start pursuing the main objective, which is to enter a network and begin elevating privileges to gain access to valuable or sensitive information and potentially to install ransomware. The problem is that once inside the network, the imposter looks like a legitimate user and can move around unnoticed.

Uncovering and stopping these seemingly invisible credential-based attacks before severe damage is done requires a different mindset from the belief that attacks can always be prevented.

Instead, consider these four reality checks:

1. Accept that getting hacked at some point is inevitable. How that incident is dealt with will avert a disaster. Being able to spot an attacker quickly and take immediate action is vital.

2. Recognise that anyone could be a potential target and that everyone is prone to making mistakes sometimes. Continuous training will help staff avoid risky behaviours such as clicking on links in phishing e-mails or social media, whoever they are from, whether that’s colleagues, customers, suppliers or friends and family. But it won’t eliminate the problem.

3. Acknowledge that adversaries are intelligent and persistent. Criminals constantly refine their methods, find weaknesses and devise new approaches.

4. Almost every cyber attack involves credentials. After using them unobtrusively to gain access, the attacker will work out how to exploit misconfigurations, poor security practices or unpatched software to gain administrative rights or higher privileges until they reach what they seek.

Protecting your people, organisation and data

Many high-level technology and cyber security solutions can protect your organisation from cyber criminals, but the three most important – and immediate – solutions are working with an experienced 24/7 response team, implementing multi-factor authentication (MFA), and adopting zero trust protocols. Let’s examine each of these.

1. 24/7 rapid response

Incident response aims to identify the threat actors, prevent lateral movement, contain or terminate cyber attacks, minimise data loss and inhibit future attacks. This is only possible if the breach is quickly detected and a team can respond immediately. Only some in-house IT teams have cyber attack experience or are on call 24/7, 365 days a year. A rapid response team that deals with cyber incidents daily knows exactly what tactics cyber criminals are currently employing and how to detect and defeat them.

Assisted by the industry’s most advanced technology platforms and the latest curated intelligence from around the world, CyberCom places local and international experts at our clients’ immediate disposal to manage, analyse and resolve any security incidents in a fraction of the time compared to conventional approaches.

2. Multi-factor authentication (MFA)

MFA is a security tool that requires users to provide two or more verification factors to access online resources such as applications, cloud software platforms, or online accounts. The traditional perimeter of networks has changed, particularly with hybrid working and the move to the cloud, and attack surfaces are now larger than ever with multiple entry points across devices and platforms. MFA has, therefore, become critical thanks to its ability to provide enhanced security compared to single-factor authentication.

Since passwords can be easily compromised, MFA addresses this vulnerability by requiring additional verification, which means that even if a password is stolen, an attacker still needs the second or third factor to gain access. This extra layer of security helps protect sensitive information and systems from unauthorised access, reduces the risk of identity theft, and enhances overall security for individuals and organisations. By implementing MFA, users and companies can significantly lower the risk of security breaches and protect their data more effectively.

3. Zero trust security

The old assumption that everything inside the network is safe is obsolete, as evidenced by the rise in internal threats and breaches exploiting network vulnerabilities. Zero trust mitigates these risks by continuously validating every stage of digital interaction. It is a security concept and framework that operates on the principle of ‘never trust, always verify’. Unlike traditional security models that assume everything inside an organisation’s network is safe, zero trust treats all users and devices inside or outside the network as potential threats and requires strict identity verification before granting access. This approach eliminates the concept of a trusted internal network and an untrusted external network. Instead, access decisions are made based on evaluating the risk associated with each request, regardless of where the request originates. This means implementing strict user authentication, device validation and least-privilege access control. Zero trust architectures often use technologies like MFA, identity and access management (IAM) systems, micro-segmentation and continuous monitoring and validation to ensure security.
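To make the per-request decision described above concrete, here is an added illustration (not code from the original article or from CyberCom) of a zero trust access check: the request’s network of origin is deliberately ignored, while the second factor, device validation, session freshness and a least-privilege permission table decide the outcome. The user names, resource names and the 60-minute re-verification window are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    user: str
    resource: str
    action: str
    source_network: str       # "internal" or "external"; deliberately never consulted
    mfa_verified: bool        # strict user authentication: a second factor was presented
    device_compliant: bool    # device validation: posture check passed
    session_age_minutes: int  # minutes since the identity was last re-verified


# Constructed least-privilege table: each user holds only the rights they need.
ROLE_PERMISSIONS = {
    "alice": {("payroll-db", "read")},
    "bob": {("payroll-db", "read"), ("payroll-db", "write")},
}

# Continuous validation: a verified session is trusted only for a bounded window
# (assumed value for this example).
MAX_SESSION_AGE_MINUTES = 60


def evaluate(req: AccessRequest) -> tuple[bool, list[str]]:
    """Return (allowed, reasons). Every request is judged on its own evidence;
    req.source_network is ignored on purpose, so an internal origin earns no trust."""
    reasons = []
    if not req.mfa_verified:
        reasons.append("mfa-not-verified")
    if not req.device_compliant:
        reasons.append("device-not-compliant")
    if req.session_age_minutes > MAX_SESSION_AGE_MINUTES:
        reasons.append("session-stale-reverify")
    if (req.resource, req.action) not in ROLE_PERMISSIONS.get(req.user, set()):
        reasons.append("not-least-privilege-permitted")
    return (not reasons, reasons)


if __name__ == "__main__":
    # An internal request without a second factor is refused; an external
    # request that satisfies every check is allowed.
    inside = AccessRequest("alice", "payroll-db", "read", "internal", False, True, 5)
    outside = AccessRequest("alice", "payroll-db", "read", "external", True, True, 5)
    print("internal, no MFA:", evaluate(inside))
    print("external, verified:", evaluate(outside))
```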

How can we help?

CyberCom Africa is your managed security services partner. CyberCom’s Managed Security Services allow our clients to prevent damage, detect breaches, respond to and manage cyber incidents to reduce recovery time and costs, establish how a breach occurred and prevent future breaches.