Stolen Credentials

How Stolen Credentials and Ransomware are a Simultaneous Threat

Defending from Both Directions

Over the past decade, the cyber landscape has evolved rapidly. But as Mike Wilson points out for Forbes, with every positive change or technological advancement comes several layers of cyber threat, as criminals continue to seek out weaknesses wherever they can. 

Each year the Verizon DBIR provides an overall update on current threat trends and provides insight into who or what is being attacked, why they were targeted, and how the attack was launched. The 2022 report revealed that system intrusion attacks are the leading reason for data breaches—these types of attacks include everything from malware to shell access to a device, but the main culprit is ransomware. 

Ransomware was the cause of 12% of all breaches in 2020 and is now up to 25%. 

These attacks are launched at every industry and every size of business, from mid-sized finance companies to government institutions. Successful ransomware attacks seem to feature in the news constantly, and it’s not just due to the increased rate overall. The popularization of cyber currencies makes it faster and less traceable for criminals to demand, and receive, payment. 

But, how is this increase in ransomware attacks really happening? 

The root cause for many of them, traced far back enough, is compromised credentials

While you’ve likely heard the phrase, it can be a process to understand precisely why compromised credentials (username and password combination) are such a massive problem in today’s cyber landscape. One of the factors is that the sheer volume of stolen passwords, logins, and email addresses available—for free and for a price—on the Dark Web, continues to grow exponentially. Out of the billions available, the ability for criminals to leverage the information becomes even more simple thanks to the rampant problem of password reuse. 

The vast majority of users reuse passwords, sometimes many times, and across personal and professional boundaries. Even more, users choose a favorite ‘root’ password with slightly-altered iterations for each account—making it easy for them to remember, but even easier for a criminal to guess, and thus access even more of their accounts and personal information. 

Once cybercriminals have a set of credentials, the techniques they can use to access data are numerous. Whether it’s getting personal information or financial documents from an individual account, or enacting a phishing scheme while posing as a known person to seem more legitimate, threat actors can have huge impacts on individuals. 

They can also use stolen credentials to commit fraud by taking out credit cards or insurance policies in someone else’s name. 

Compromised credentials can also be used to infiltrate entire companies. A single set is all that’s needed for threat actors to have an entry point into a secure system, where they can then run amok, install ransomware… and the pattern continues

What’s the Fix? 

While both ransomware and compromised credentials are daunting challenges, there are efficient ways to decrease the use of stolen login details within a system. NIST standards outline several suggestions for companies to employ, including eliminating periodic password resets, reevaluating existing password policies, and screening passwords against a blacklist of compromised credentials. 

As Wilson writes, “stolen credentials remain the Achilles’ heel of the threat landscape, and defending against them must be prioritized in every security posture.” 

He’s right; unless organizations—of all industries and sizes—tackle compromised credentials from the top down, we are likely to see continued increases in traumatizing ransomware attacks from all angles.