There are seemingly an infinite number of ways to compromise a system. An important premise of security is effort: increasing the effort attackers must expend to compromise an account. Some cyber-attacks theoretically take millions of years, others take seconds; it is our role to make it as difficult as possible for the attacker. The lowest-hanging fruit of them all is users' credentials.
Phishing is the most common form of credential leak: 74% of organisations are successfully targeted by a phishing attack, and 83% of those attacks are not discovered for weeks. 91% of accounts compromised through phishing are accessed within the week, and all that is needed is a single email. For example, by spoofing a Windows 11 upgrade email, attackers can target entire organisations, which are then compromised by a single click.
If your account is not compromised via phishing, it may be part of a data leak. In 2019 the largest ever collection of credentials, named 'Collection #1', was released, with more than 87GB of data spread across 12,000 files. To hack a user, the first course of action is to check an organisation's online profile and compile a list of all employees, with first and last names. Cross-referencing this list with all available data leaks, which contain previously phished emails and usernames, there is bound to be a credential that matches. If this method fails, a hybrid brute-force attack is plan C: by slightly modifying the extracted dictionary of passwords, such as adding '1' to the end, the hacker can continue brute-forcing to compromise an account. There is a high chance that this works; re-used passwords, a lack of SOC monitoring and improperly managed environments let it all fall through.
This is all easily done from the comfort of someone's home, using a VPN, the Tor Browser and a scammed credit card to buy leaked credentials. This is where Security Operations Centre (SOC) monitoring and reporting is crucial. What is your organisation doing about these popular and successful attacks? It is a SOC's responsibility to monitor all traffic, no matter how mundane it may seem. The SOC will also continuously suggest improvements to your environment and help implement them to keep it secure. For example, is your Microsoft environment set up to detect every phishing link, and what do you do with that information? We at Brace168 have the answer to that.
Brace168 has dark-web monitoring capability to find out which users' credentials have been leaked and to help create preventative measures against this. Whilst you cannot check every password, we at Brace168 have the resources to check every login, looking for anomalous activity, helping you keep your organisation safe. We can run phishing campaigns and security awareness training to raise awareness around phishing and reduce the risk of a successful phishing attack.
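As an added illustration of the per-login anomaly check described above (example code written for this page, not Brace168's own tooling), the script below scans constructed login records for the patterns the attack chain in this post produces: one source failing across many accounts (a spray over a leaked user list), repeated failures on one account (hybrid brute force), and a success from a source already flagged. The log format and both thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample log (not from any real system): "timestamp user source result"
SAMPLE_LOG = """\
2024-01-10T08:00:01 alice 203.0.113.5 FAIL
2024-01-10T08:00:02 bob 203.0.113.5 FAIL
2024-01-10T08:00:03 carol 203.0.113.5 FAIL
2024-01-10T08:00:04 dave 203.0.113.5 FAIL
2024-01-10T08:00:05 erin 203.0.113.5 FAIL
2024-01-10T08:00:06 frank 203.0.113.5 SUCCESS
2024-01-10T08:05:00 alice 198.51.100.7 FAIL
2024-01-10T08:05:01 alice 198.51.100.7 FAIL
2024-01-10T08:05:02 alice 198.51.100.7 FAIL
2024-01-10T08:05:03 alice 198.51.100.7 FAIL
2024-01-10T09:00:00 bob 192.0.2.20 FAIL
2024-01-10T09:00:30 bob 192.0.2.20 SUCCESS
"""

SPRAY_ACCOUNTS = 5  # one source failing against this many distinct accounts (hypothetical threshold)
BRUTE_FAILS = 4     # failures on one account from one source (hypothetical threshold)


def parse(log_text):
    """Yield (timestamp, user, source, result) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] in ("FAIL", "SUCCESS"):
            yield tuple(parts)


def detect(log_text):
    """Return findings as (alert_type, source, detail) tuples."""
    failed_users = defaultdict(set)  # source -> accounts that failed from it
    fails = defaultdict(int)         # (source, user) -> failure count
    successes = []                   # (source, user) in log order
    for _ts, user, src, result in parse(log_text):
        if result == "FAIL":
            failed_users[src].add(user)
            fails[(src, user)] += 1
        else:
            successes.append((src, user))
    spraying = {s for s, users in failed_users.items() if len(users) >= SPRAY_ACCOUNTS}
    bruting = {k for k, n in fails.items() if n >= BRUTE_FAILS}
    alerts = [("password_spray", s, sorted(failed_users[s])) for s in sorted(spraying)]
    alerts += [("brute_force", s, u) for s, u in sorted(bruting)]
    # A success from a source already flagged is the "one credential that matches" case
    alerts += [("success_after_attack", s, u) for s, u in successes
               if s in spraying or (s, u) in bruting]
    return alerts
```

A single failure followed by a success (bob from 192.0.2.20) is left alone, so ordinary typos do not page the SOC.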
Brace168 hosts a state-of-the-art Security Operations Centre, with constant protection and monitoring against malicious activity. Ask your security staff how they prevent and, most importantly, monitor the most obvious forms of attack. We at Brace168 monitor all customer data, report anything malicious to customers swiftly and constantly engage in uplifting the security posture of our customers' environments.