Did you leave your front door open? Why cyberattacks surge using valid credentials

Have you ever been locked out of the house?

Maybe you forgot your keys on the kitchen table, lost them running errands, or unknowingly dropped them while attempting the It doesn’t matter how you got locked out, or how you got back in. What’s more important, for the purposes of this thought exercise, at least, is how you responded.

Try to remember. What did you do in those initial moments of desperation? Chances are you didn’t immediately Google “locksmiths near me.” Maybe you were eventually left with no other choice. But if you’re anything like me, before calling for professional help, you, first, examined every reachable window and door, hoping at least one had been left unlocked or open. If that didn’t work, perhaps you then also checked under every potted plant, rock, and car wheel well for a spare key your spouse or roommate may have hidden? Am I getting warmer?

The point is, it’s a lot easier to gain access to your home by way of an unlocked patio door or spare key than it would be by breaking a window, paying a locksmith, or seeing an open second-floor bathroom window and thinking, “I bet if I had a ladder, I could squeeze through that tiny window and get back into my house!”

Cybercriminals are no different. Sometimes the path of least resistance is an easily acquired login credential from an unknowing employee. As cybercriminals continue to evolve their tactics, these phishing attacks have become more sophisticated and harder to detect, especially with the latest AI technology.

“71% Year-over-year increase in cyberattacks that used stolen or compromised credentials.”

– IBM X-Force Threat Intelligence Index 2024

IBM’s latest X-Force Threat Intelligence Index for 2024 sheds light on a concerning trend: the increasing exploitation of valid user accounts to infiltrate corporate networks. This report, based on an extensive analysis of over 150 billion security events daily across more than 130 countries, underscores the growing threat posed by compromised credentials.

In fact, threat actors’ preferred method of accessing a network is no longer hacking. Instead of squeezing through a second-floor window, they would much rather walk right through the front door with valid credentials, likely acquired with malware or phishing attacks.

Martin Borrett, technical director at IBM Security UK and Ireland, highlights that cybercriminals are weaponizing identity, leveraging legitimate accounts to compromise enterprise systems. The data reveals that 50% of cyberattacks in the UK involve the exploitation of valid accounts as the initial attack vector, demonstrating the effectiveness of this approach in breaching business defenses.

According to a recent article in Telecom Tech News, the rise in attacks utilizing valid accounts poses significant challenges for enterprises, with attackers increasingly targeting critical infrastructure organizations globally. In the same article Julian David, CEO of techUK, termed the report a “stark wake-up call,” emphasizing the urgent need for businesses to adopt strategic measures to fortify their defenses against this sophisticated threat landscape.

For example, organizations should evaluate and reinforce their legacy applications wherever possible, while also implementing modern security protocols, such as unified Identity and Access Management solutions. Experts believe taking such steps will be crucial to mitigating risks and enhancing cybersecurity posture as threats continue to evolve.

Zero Trust Security, which we covered in two posts on the blog earlier this month, is another important strategy that can help organizations overcome the rise in cyber threats and the challenges posed by the modern technology environment.

According to Brandon Leiker, solutions architect at 11:11 Systems: “The primary concept of Zero Trust is that users and devices should not be trusted implicitly, even if they are connected to a private internal network controlled by the organization. Instead, access is based on the principle of ‘never trust, always verify,’ where identity and permissions are continuously re-verified.”

In his post, Justin Giardina, CTO at 11:11 Systems, went on to say that: “Zero Trust operates on the assumption that threats can lurk anywhere (even within your organization). Therefore, every user, device, and network flow is treated as potentially compromised and must be verified and vetted before granting access.”

So, the next time you lock yourself out of the house, take a moment to see how easy it is (or isn’t) to get back. Were you eventually able to walk in the front door without much trouble? Then realize that nefarious actors are actively looking to gain access to corporate networks around the globe in much the same way — and your organization could be their next, or even current, target. And making matters worse, their methods, like phishing attacks, have never been harder to detect thanks to the rise of AI and other modern technologies.

That is why implementing a Zero Trust architecture as part of a multi-layered cybersecurity strategy is paramount — to keeping pace with these evolving threats and keeping bad actors out. To learn more about how to protect your organization with Zero Trust, take a look at these additional 11:11 resources and tools:

• • Webinar – Securing Cloud with Zero Trust
  • White paper – Never Trust, Always Verify
  • Blog Posts – What is Zero Trust Security and Why Do I Need it? and Navigating the complex world of zero trust security
  • Product Page – 11:11 Systems Managed Security Services