Compromised credentials and insider threats are a recipe for disaster when it comes to viable data security. The lack of resources, a rapid shift from traditional infrastructures to cloud-based models, and a huge influx of unmanageable IT accounts are all contributing to the growing data threats in the workplace of today.
Let us now explore compromised accounts and insider threats in depth.
Compromised Credentials
Cybersecurity Insiders’ 2020 Insider Threat Report concluded that 63 percent of organizations believe that privileged IT users are the greatest underlying threat to security.
For most users, compromised credentials are the end result of reusing the same passwords on multiple websites, not changing passwords frequently, or not using complex passwords. This gives malicious threat actors the opportunity to crack passwords easily and gain access to user accounts.
Besides these generic reasons for compromised credentials, there are also a few other factors at play that can throw any user into a dungeon of security attacks and compromised credentials.
Phishing
Have you ever wondered why a celebrity contacted you via email or a bank sent you a link to get tons of cash? Well, if you do come across those situations often, then you have been a target of phishing attacks.
An attack of this nature is delivered mainly through email and contains a link to a malicious URL. Once the URL is clicked, a website is launched that can download malware, execute remote code, conspicuously infect the computer with ransomware, or request further user credentials.
There are many ways to carry out phishing attacks, but the most popular method is to send a convincing email to unsuspecting users with a disguised URL waiting to be clicked. The main goal is to dupe the recipient into believing that the message was sent from a trusted entity or has something of value for them. The message could be disguised as one from their bank or from a co-worker, for example.
Most phishing emails come with clickable links or downloadable attachments, making it very tempting for end users to click and get trapped.
Online phishing attacks date back to the 1990s and are still the most popular as new and sophisticated phishing techniques are being developed by threat actors.
Vishing
Just like phishing, a vishing attack is also carried out by fooling users into giving out valuable information. This attack is mainly carried out in the form of an enticing voicemail which comes equipped with instructions on how to call a certain number and provide personal information which is then used for stealing identities and for other malicious purposes.
Smishing
Smishing is a similar type of attack that lures victims through SMS or text messages. It relies on the same emotional appeals as the previous attacks and pushes users to click on links or perform certain actions.
Solutions for Compromised Credentials
All account compromises have the same purpose but different delivery methods. The following are some measures that can help you recover and protect yourself from future compromises.
- Use a built-in browser utility such as Google’s Password Manager to check if your passwords have been compromised.
- Reset passwords or disable compromised accounts.
- Use a password management tool like LastPass to generate complex passwords and to store them securely.
- Employ robust endpoint security through trusted anti-virus engines and anti-malware software.
Insider Threats
An insider threat, as the name implies, is a type of security breach that has its roots inside the targeted company. Insiders are one of the many weapons in an attacker’s arsenal, and attackers exploit them using various social engineering tactics.
The main threat actors can be any combination of current or former disgruntled employees, contractors, or business partners. At times, the threat actors might be innocent victims of data bribes who provide information unknowingly.
Insider Threat Actors
A Verizon Data Breach study report conducted in 2019 discovered that 34 percent of all data breaches were conducted through insiders. Inside every organization, there are three types of potential threat actors.
Turncloaks
These are the internal threat actors within a company who deliberately and maliciously steal information to gain profits. By abusing their privileges they get hold of sensitive company information and secrets and even disrupt projects to gain superiority.
Pawns
Pawns are simply innocent employees or vulnerable targets who mistakenly share information. In some cases, they might even be coaxed into sharing information by the Turncloaks.
These employees can also be classified as careless employees, as they might not follow standard security protocols. For instance, they might leave their computers unlocked and unattended, share credentials with co-workers, or grant unnecessary permissions.
Compromised Employees
Compromised employees pose the biggest insider threat to any organization. Since most employees who are compromised are not aware of it, they can keep spreading security risks inadvertently. As an example, an employee might have unknowingly clicked on a phishing link, granting an attacker access to the system.
Solutions for Insider Threats
The following are some solutions that can help thwart insider threats:
- Train users to spot malicious emails by providing them with security awareness training. Users should also learn not to click on anything in their emails without full verification.
- Conduct User and Entity Behavior Analytics (UEBA), a process that considers normal user behavior patterns and flags suspicious behavior. The idea behind this method is that a hacker can guess credentials but cannot imitate a particular user’s normal behavior pattern.
- Implement network security by adding all malicious URLs and IP addresses to firewall web filters to block them for good.
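The UEBA idea from the list above, shown as an added example (not from the original article or any UEBA product): a per-user baseline is learned from past logins, and a login that authenticates correctly is still flagged when it deviates from that baseline. The event fields, the two-hour slack and the threshold of two deviations are assumptions, and the login history is constructed.

```python
from collections import defaultdict

# Constructed login history: (user, hour of day 0-23, source country, device id).
HISTORY = [
    ("alice", 9, "US", "laptop-a1"), ("alice", 10, "US", "laptop-a1"),
    ("alice", 14, "US", "laptop-a1"), ("alice", 17, "US", "phone-a2"),
    ("bob", 22, "DE", "laptop-b1"), ("bob", 23, "DE", "laptop-b1"),
    ("bob", 1, "DE", "laptop-b1"),
]

def build_baseline(history):
    """Learn, per user, which hours, countries and devices are normal."""
    base = defaultdict(lambda: {"hours": set(), "countries": set(), "devices": set()})
    for user, hour, country, device in history:
        base[user]["hours"].add(hour)
        base[user]["countries"].add(country)
        base[user]["devices"].add(device)
    return dict(base)

def hour_is_usual(hour, usual_hours, slack=2):
    """Circular distance on the 24-hour clock, so 23:00 and 01:00 are 2 apart."""
    return any(min((hour - h) % 24, (h - hour) % 24) <= slack for h in usual_hours)

def score_login(baseline, event, threshold=2):
    """Return (reasons, flagged) for a login that already passed authentication."""
    user, hour, country, device = event
    profile = baseline.get(user)
    if profile is None:
        return ["no baseline for user"], True
    reasons = []
    if not hour_is_usual(hour, profile["hours"]):
        reasons.append("unusual hour")
    if country not in profile["countries"]:
        reasons.append("new country")
    if device not in profile["devices"]:
        reasons.append("new device")
    # Assumed policy: one deviation is noise, two or more raise an alert.
    return reasons, len(reasons) >= threshold

if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for ev in [("alice", 11, "US", "laptop-a1"), ("alice", 3, "RO", "desktop-x9")]:
        print(ev, score_login(baseline, ev))
```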
Staying Safe From Common Threats
Compromised account credentials and insider threats are mushrooming at an alarming pace nowadays. Armed with the descriptions and mitigation solutions above, you should now be able to protect yourself from falling prey to these malicious attacks.
Always remember that when it comes to user security, prevention is definitely better than cure.