At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Valid Accounts Rank as the Top Initial Access Infection Vector, Putting a Spotlight on Credentials

    As ransomware, business email compromise, and phishing attacks continue to escalate, new data sheds light on where organizations need to focus to help put a stop to attack success.

    We’ve long known that credentials are the key to a successful cyberattack. They enable initial access to endpoints, lateral movement, entrance to applications, and access to data. New data from security vendor Talos’ Quarterly Report: Incident Response Trends in Q3 2022 shows repeatedly that credentials are a material focus for threat actors from a few perspectives.

    Perspective 1: Initial Attack Vector

    We all know that the need for credentials are an eventual certainty, but Talos identified the use of Valid Accounts as the top infection vector in Q3, citing cases where “accounts were misconfigured, not disabled properly, or had weak passwords.”

    InfectionVectors-dark

    Source: Talos

    Perspective 2: Tools Used

    Threat actors have a wide range of native, malicious, and misused legitimate tools at their disposal that aid in every aspect of a cyberattack. What’s interesting is that, according to the Talos data, over two-thirds of tools seen being used during attacks focused on accessing and collecting credentials.

    Tools-dark

    Source: Talos

    Perspective 3: Top Observed MITRE ATT&CK Techniques

    I’m a big fan of the ATT&CK framework, as it provides security professionals with a way to better understand the threat actions being taken in order to create a more effective defense. According to the Talos data, the MITRE technique T1078 Valid Accounts was the most observed threat action during attacks.

    The Talos data provides objective evidence that credentials are a focus for attacks today. What’s necessary is to stop the misuse of credentials at the initial attack by ensuring strong passwords are used, and that users don’t fall victim to credential harvesting scams – something taught via Security Awareness Training. If we can stop making it so easy for threat actors to misuse valid credentials, the end result will be far less successful cyber attacks.

    Request A Demo: Security Awareness Training

    New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!

    Request a Demo!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top