Account Takeover Attack Research: Arctic Wolf Findings
Poorly secured corporate credentials locked only by plain text passwords are golden invitations to executive accounts that allow cyber criminals to pilfer confidential data, intellectual property, funds and other critical material, Arctic Wolf said in a new report.
On average, a typical corporate organization has 17 sets of stolen credentials available to buy on the dark web for hackers to exploit, the company said in its inaugural 2020 Security Operations analysis. The study’s data, gleaned from its eponymous flagship platform and customer experiences, showed that the number of corporate credentials with plain text passwords available on the dark web has ballooned by 429 percent since March.
With access to just one corporate account, attackers can execute account takeover attacks, allowing them to move laterally within an organization’s network to grab all manner of confidential material. By and large, these are nighttime heists, carried out when many in-house security teams are not online. Of the high-risk security incidents observed by Arctic Wolf, 35 percent occur between the hours of 8:00 pm and 8:00 am and 14 percent occur on weekends, the Sunnyvale, California-based security operations provider said.
Not only is the alarming spike in corporate credential leaks a boon for hackers, but it also makes clear the need for organizations to have dedicated 24×7 monitoring of their network, endpoint, and cloud environments, said Mark Manglicmot, Arctic Wolf’s security services vice president. “The cybersecurity industry has an effectiveness problem,” he said. “The only way to eliminate cybersecurity challenges like ransomware, account takeover attacks, and cloud misconfigurations is by embracing security operations capabilities that fully integrate people, processes, and technology.”
The report also covers how the COVID-19 pandemic has increased the number of security operations challenges facing organizations, including:
- A 64 percent increase in phishing and ransomware attempts. Hackers have created new phishing lures around COVID-19 topics and adapted traditional lures seeking to take advantage of remote workers.
- Critical vulnerability patch time has increased by 40 days. A combination of higher common vulnerabilities and exposures (CVE) volumes, more critical CVEs, and the emergence of a remote workforce have significantly slowed the patching programs at many organizations.
- Unsecured Wi-Fi usage is up by over 240 percent. Remote workforces connecting to open and unsecured Wi-Fi networks outside of their office or home are now facing increased risks of malware exposure, credential theft, and browser session hijacking.