Five Steps to Mitigate the Risk of Credential Exposure

Every year, billions of credentials appear online, whether on the dark web, the clear web, paste sites, or in data dumps shared by cybercriminals. These credentials are often used for account takeover attacks, exposing organizations to breaches, ransomware, and data theft.

While CISOs are aware of growing identity threats and have multiple tools in their arsenal to help reduce the potential risk, the reality is that existing methodologies have proven largely ineffective. According to the 2022 Verizon Data Breach Investigations Report, over 60% of breaches involve compromised credentials.

Attackers use techniques such as social engineering, brute force, and purchasing leaked credentials on the dark web to compromise legitimate identities and gain unauthorized access to victim organizations' systems and resources.

Adversaries often exploit the fact that some passwords are shared among different users, which makes it easier to breach multiple accounts in the same organization. Some employees reuse passwords; others use a shared pattern across the passwords they set on various websites. An adversary can use cracking techniques and dictionary attacks built around that shared pattern to get past simple permutations, even if the password is only available as a hash. The main challenge for the organization is that attackers need only a single password match to break in.

To effectively mitigate their exposure, given current threat intelligence, organizations need to focus on what is exploitable from the adversary's perspective.

Here are five steps organizations should take to mitigate credential exposure:

Gather Leaked Credentials Data

To start addressing the problem, security teams need to collect data on credentials that have been leaked externally in various places, from the open web to the dark web. This gives them an initial indication of the risk to their organization, as well as the individual credentials that need to be updated.

Analyze the Data

From there, security teams need to identify the credentials that could actually lead to security exposures. An attacker would take the username and password combinations (either cleartext or hashed) and try to use them to access services or systems. Security teams should use similar techniques to assess their own risk. This includes:

  • Checking whether the credentials allow access to the organization's externally exposed assets, such as web services and databases
  • Attempting to crack captured password hashes
  • Validating matches between leaked credential data and the organization's identity management tools, such as Active Directory
  • Manipulating the raw data to increase the number of compromised identities found. For example, users commonly reuse the same password patterns. Even if the leaked credentials do not allow access to external-facing assets or match Active Directory entries, it may be possible to find additional matches by testing variations.

Mitigate Credential Exposures

After validating the leaked credentials to identify actual exposures, organizations can take targeted action to mitigate the risk of an attacker doing the same. For instance, they could remove inactive accounts with leaked credentials from Active Directory, or initiate password changes for active users.
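The "Analyze the Data" and "Mitigate Credential Exposures" steps above, as an added example that is not the article's or Pentera's code: a leaked-credential feed is parsed, filtered to the organization's own domain, validated against a directory export by hashing each leaked cleartext with the user's salt, and turned into a per-account action (disable if inactive, force a reset if active). Because a forced reset that lands on `Winter2022!` after `Winter2021!` leaked fixes nothing, the block also shows a pattern check applied at change time, where the policy engine legitimately has the new cleartext. All records, the `example.com` domain, the per-user salts and the salted PBKDF2-SHA256 scheme are constructed stand-ins and are not Active Directory's real format.

```python
"""Added example: match a leaked-credential feed against a directory export
and turn the matches into remediation actions. This is illustration code, not
the article's or Pentera's; every record below is constructed, and the
directory's salted PBKDF2-SHA256 hash is a toy stand-in for whatever the real
identity store uses."""
import hashlib
import re
from dataclasses import dataclass

ORG_DOMAIN = "example.com"  # assumption: the organization's mail domain


def pw_hash(password: str, salt: bytes) -> str:
    """Toy directory hash: salted PBKDF2-SHA256 (not Active Directory's format)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000).hex()


@dataclass
class DirectoryUser:
    username: str
    salt: bytes
    pw_hash: str
    active: bool


def build_directory(provision):
    """Constructed directory export; cleartexts appear here only to mint hashes."""
    return [DirectoryUser(u, f"salt-{u}".encode(), pw_hash(p, f"salt-{u}".encode()), a)
            for u, p, a in provision]


DIRECTORY = build_directory([
    ("alice", "Winter2022!", True),        # year-bumped variant of a leaked password
    ("bob", "correct horse battery", True),
    ("carol", "P@ssw0rd", False),          # left the company, account never disabled
    ("dave", "Tr0ub4dor&3", True),         # exact leaked password still in use
])

# Constructed leak feed, as step 1 ("gather") would hand it over: email:password
LEAK_FEED = """\
alice@example.com:Winter2021!
bob@gmail.com:hunter2
carol@example.com:P@ssw0rd
dave@example.com:Tr0ub4dor&3
eve@example.com:Summer2020
"""


def parse_feed(feed: str) -> dict[str, list[str]]:
    """Keep only records for the organization's domain, keyed by local part."""
    leaked: dict[str, list[str]] = {}
    for line in feed.splitlines():
        email, sep, password = line.partition(":")
        if not sep:
            continue  # malformed line, skip it
        local, _, domain = email.strip().lower().partition("@")
        if domain == ORG_DOMAIN:
            leaked.setdefault(local, []).append(password)
    return leaked


def find_exposures(directory, leaked):
    """Step 2: hash each leaked cleartext with the user's salt and compare it to
    the stored hash. Step 3 chooses the action from the account's state."""
    actions = []
    for user in directory:
        for candidate in leaked.get(user.username, []):
            if pw_hash(candidate, user.salt) == user.pw_hash:
                action = "force_password_reset" if user.active else "disable_account"
                actions.append((user.username, action))
                break
    return actions


def normalize(password: str) -> str:
    """Collapse a password to its shared pattern: lowercase, drop trailing digits
    and punctuation (years, '!'), then undo common leet substitutions."""
    stem = re.sub(r"[\d!@#$%^&*.]+$", "", password.lower())
    return stem.translate(str.maketrans("@0143$5", "aoiaess"))


def reset_policy_ok(new_password: str, leaked) -> bool:
    """Guard for the forced reset: the new cleartext (available to the policy
    engine at change time) must not share its pattern with any leaked password,
    otherwise Winter2021! -> Winter2022! 'fixes' nothing."""
    leaked_patterns = {normalize(p) for pws in leaked.values() for p in pws}
    return normalize(new_password) not in leaked_patterns


if __name__ == "__main__":
    feed = parse_feed(LEAK_FEED)
    for username, action in find_exposures(DIRECTORY, feed):
        print(f"{username}: {action}")
    for attempt in ("Winter2023!", "Password1", "glacier-otter-quartz-77"):
        verdict = "accepted" if reset_policy_ok(attempt, feed) else "rejected"
        print(f"reset to {attempt!r}: {verdict}")
```

Note what the exact-match pass does and does not find: carol (inactive, exact match) is queued for disabling and dave (active, exact match) for a reset, while alice's year-bumped variant is invisible to a hash comparison and is only caught when she tries to set the next variant at reset time. That gap is the "testing variations" point in the analysis step, and it is why the reset guard compares normalized patterns across the whole feed rather than only the user's own leaked record.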

Reevaluate Security Processes

After direct mitigation, security teams should evaluate whether their current processes are safe and make improvements where possible. For instance, if they are dealing with many matched leaked credentials, they may recommend changing the password policy across the entire organization. Similarly, if inactive users are found in Active Directory, it may be worth revisiting the employee offboarding process.

Repeat Automatically

Attackers continuously adopt new techniques. Attack surfaces change, with new identities added and removed on a routine basis. Similarly, humans will always be prone to accidental mistakes. As a result, a one-time effort to find, validate, and mitigate credential exposures is not enough. To achieve sustainable security in a highly dynamic threat landscape, organizations must repeat this process continuously.

However, resource-constrained security teams cannot afford to perform all these steps manually at a sufficient cadence. The only way to manage the threat effectively is to automate the validation process.

Pentera offers one way for organizations to automatically emulate attackers' techniques, attempting to exploit leaked credentials both externally and inside the network. To close the validation loop, Pentera provides insights into full attack paths, along with actionable remediation steps that allow organizations to efficiently maximize their identity strength.

To find out how Pentera can help you reduce your organization's risk of inadvertent credential exposure, contact us today to request a demo.
