Large-scale “credential spills” - the theft of usernames and/or passwords - remain a major problem even though the total number of credentials stolen per year fell between 2016 and 2020, according to research from security firm F5.
While the annual volume of spilled credentials has declined, the number of annual major credential spill incidents more than doubled between 2016 and 2020 (from 52 to 117).
The average spill size declined from 63 million records in 2016 to 17 million records in 2020.
“Breach sizes appear to be stabilising and becoming more consistent over time,” said F5, “but despite consensus about best practices industry behaviours around password storage remain poor”.
Plaintext storage of passwords is responsible for the greatest number of spilled credentials by far, said F5, and the widely discredited hashing algorithm MD5 “remains surprisingly prevalent”. MD5 is fast and, in the databases F5 examined, typically unsalted, so once a table is stolen its rows can be recovered with a dictionary attack about as easily as plaintext.
It said organisations “remain weak” at detecting and discovering intrusions and data exfiltration.
The median time to discovering a credential spill between 2018 and 2020 was 120 days.
Often, spills are discovered on the dark web before organisations detect or disclose a breach.
Tracing stolen credentials through their theft, sale and use across F5 customers revealed that nearly 33 per cent of the login attempts observed used credentials compromised in Collection X, a massive set of spilled credentials that appeared for sale on a hacking forum in early 2019.
The stolen credentials in Collection X also showed up in legitimate human transactions, most frequently at banks.
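The two findings above, poor password storage and reuse of spilled credentials at other sites, can be demonstrated together. The following is an added example, not F5's code or data: it shows unsalted MD5 (one wordlist pass recovers every matching row, and identical passwords are visible as identical hashes before any cracking), a salted scrypt scheme from the Python standard library as the corrected form, and a check that compares a leaked e-mail/password dump against your own scrypt-hashed user table to find accounts whose current password has already been spilled elsewhere. All addresses, passwords, the wordlist and the "spill" are constructed for the demo; function names are hypothetical.

```python
# Added example (not F5's code): weak storage the report describes (unsalted
# MD5) beside a salted, memory-hard scheme, plus a check for accounts whose
# current password appears in a spilled dump. All sample data is constructed.
import hashlib
import hmac
import os
from typing import Dict, Iterable, List, Optional, Tuple

# --- The weak way: unsalted MD5, as still found in many spills -------------

def md5_hash(password: str) -> str:
    """Unsalted MD5: fast, and identical passwords give identical hashes."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def crack_md5(target: str, wordlist: Iterable[str]) -> Optional[str]:
    """Dictionary attack: one cheap hash per guess and no per-user salt, so a
    single pass over the wordlist can be reused against every stolen row."""
    for guess in wordlist:
        if md5_hash(guess) == target:
            return guess
    return None

# --- The recommended way: salted scrypt (memory-hard) from the stdlib ------

SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1   # ~16 MiB per hash; raise N in production


def scrypt_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'scrypt$N$r$p$salt$key' using a fresh 16-byte random salt."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${key.hex()}"


def scrypt_verify(password: str, stored: str) -> bool:
    """Recompute with the stored parameters and salt; constant-time compare."""
    scheme, n, r, p, salt_hex, key_hex = stored.split("$")
    if scheme != "scrypt":
        raise ValueError("unsupported hash format")
    key = hashlib.scrypt(password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
                         n=int(n), r=int(r), p=int(p), dklen=32)
    return hmac.compare_digest(key, bytes.fromhex(key_hex))

# --- Matching a spilled dump against your own user base -------------------

def accounts_to_reset(spill: Iterable[Tuple[str, str]],
                      user_db: Dict[str, str]) -> List[str]:
    """Return accounts whose *current* password equals one leaked for the same
    e-mail elsewhere, i.e. reused credentials an attacker in the quiet stage may
    already be using. Only the plaintext side of the dump is needed; stored
    hashes stay hashed and are verified, never reversed."""
    hits = []
    for email, leaked_password in spill:
        stored = user_db.get(email)
        if stored is not None and scrypt_verify(leaked_password, stored):
            hits.append(email)
    return hits

# Constructed demo data (hypothetical addresses, passwords and wordlist).
WORDLIST = ["123456", "password", "qwerty", "Summer2019!", "hunter2"]

MD5_ROWS = {"alice@example.com": md5_hash("Summer2019!"),
            "bob@example.com": md5_hash("hunter2"),
            "dave@example.com": md5_hash("hunter2")}   # same hash as bob: reuse visible uncracked

USER_DB = {"alice@example.com": scrypt_hash("Summer2019!"),                  # reused the leaked password
           "bob@example.com": scrypt_hash("correct horse battery staple"),  # leaked one is stale
           "carol@example.com": scrypt_hash("Tr0ub4dor&3")}

# Constructed "spill": e-mail/password pairs as they would appear in a dump.
SPILL = [("alice@example.com", "Summer2019!"),
         ("bob@example.com", "hunter2"),
         ("erin@example.com", "letmein")]   # not one of our users


def demo() -> Tuple[Dict[str, Optional[str]], List[str]]:
    """Crack the MD5 table with the wordlist and match the spill against scrypt rows."""
    cracked = {email: crack_md5(h, WORDLIST) for email, h in MD5_ROWS.items()}
    return cracked, accounts_to_reset(SPILL, USER_DB)


if __name__ == "__main__":
    cracked, reset = demo()
    print("MD5 rows recovered from wordlist:", cracked)
    print("scrypt accounts needing a forced reset:", reset)
```

Running it recovers all three MD5 rows from a five-word list and flags only alice for a forced reset: bob appears in the dump but has since changed his password, and erin is not a customer. The same matching is impossible against an MD5 table without first cracking it, which is the practical cost of the storage practices the report criticises.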
F5's five stages of credential abuse:
- Stage 1: Slow and Quiet. Sophisticated attackers use the compromised credentials in stealth mode. This phase usually lasts until the attackers start sharing the credentials within their community.
- Stage 2: Ramp-Up. As the credentials begin to circulate on the dark web, more attackers use them and the rate of attack climbs sharply. This period typically lasts only about a month before the spill is discovered.
- Stage 3: Blitz. Once word is out and users start changing passwords, script kiddies and other amateurs race to use the compromised credentials against the biggest web properties they know.
- Stage 4: Drop-Off. The credentials no longer command a premium but are still used at a higher rate than in Stage 1.
- Stage 5: Reincarnation. Attackers repackage the spilled credentials, hoping to restart the lifecycle.