In the ever-evolving landscape of cybercrime, stolen account credentials have emerged as a prized commodity, posing a significant risk to organizations worldwide. The 2023 Verizon Data Breach Investigations Report found that external actors were responsible for 83% of breaches between November 2021 and October 2022, with nearly half of these incidents involving stolen credentials.
Social engineering, a leading cybersecurity threat in 2023, continues to be a key weapon in the arsenal of threat actors. Phishing, constituting a substantial portion of social engineering attempts, stands out as the preferred method for credential theft due to its cost-effectiveness and high success rate.
The Evolution of Phishing Tactics
Phishing campaigns have evolved into multi-stage, multi-channel attacks. Beyond emails, threat actors use text messages and voicemails to direct victims to malicious websites, and reinforce the deception with follow-up phone calls. Mobile devices are now prime targets, with social engineering tactics reaching users across different apps; the exposure rate to phishing attacks on personal devices was 50% in every quarter of 2022.
The Role of AI in Credential Theft
Artificial Intelligence (AI) has added a new layer of sophistication to phishing attempts. By leveraging victim research data, AI is employed to craft personalized phishing messages, enhancing their credibility and broadening the scope of attacks.
Phishing-as-a-Service (PhaaS): The Gateway to Credential Theft
The rise of phishing-as-a-service (PhaaS) has lowered the entry barrier for aspiring threat actors. Phishing kits available on underground forums allow even novices lacking technical skills to launch attacks. Operating on subscription models, PhaaS mirrors legitimate Software as a Service (SaaS) businesses, requiring the purchase of licenses for these kits to function.
Advanced Phishing Tools: W3LL’s Panel and Greatness
W3LL’s Panel, a sophisticated phishing kit, gained notoriety for successfully infiltrating at least 8,000 corporate Microsoft 365 business email accounts between October 2022 and July 2023. Operating within an underground market, W3LL’s kit specializes in bypassing multi-factor authentication, contributing to an estimated revenue of $500,000 over the last ten months.
Greatness, another prominent phishing kit, incorporates features such as Telegram bot integration and IP filtering. With capabilities similar to the W3LL Panel, Greatness uses a phishing email to redirect victims to a fake Microsoft 365 login page and bypasses multi-factor authentication by prompting victims to submit their codes on a decoy page.
The Underground Market for Stolen Credentials
The Dark Web saw a surge in the sale of credentials, with the total surpassing 24 billion in 2022. Prices vary by account type: cloud credentials sell for about the price of a dozen donuts, while ING bank account logins can command as much as $4,255. Access to these underground forums is often restricted, requiring verification or membership fees.
End-User Risks and Credential Reuse
The dangers of stolen credentials are exacerbated when end-users reuse passwords across multiple accounts. Threat actors capitalize on this behavior, purchasing stolen credentials with the knowledge that many individuals use the same passwords across personal and business platforms.
Motivations Behind Stolen Credentials
Financial gain remains the driving force behind 95% of breaches. Threat actors sell stolen credentials on underground forums, paving the way for subsequent malicious activities, including malware distribution, data theft, and impersonation. The disconnect between those who steal credentials and those who exploit them underscores the enduring profitability of stolen credentials in the cybercriminal underworld.
Securing User Credentials: A Vital Imperative
As organizations grapple with the pervasive threat of credential theft, implementing robust security measures becomes imperative. Solutions like Specops Password Policy with Breached Password Protection offer a proactive approach by blocking known compromised passwords, fortifying the password infrastructure and enforcing stronger policies to meet compliance requirements. The question remains: What steps is your organization taking to safeguard its users’ credentials in this era of escalating cyber threats?