We are currently in an era in which an immense number of emails are received every day. Under time pressure, we sometimes open messages and click on links without checking where the email came from, and so we can find ourselves facing an attack.

Mario Moreno

IAM Engineer

August 9th, 2021

As time goes by, identity verification methods become obsolete, so it is necessary to move to more advanced security models to prevent catastrophes for the company and its users. For many years, the security perimeter of a company rested only on usernames and passwords, and little management of them was needed because they lived on the company's own servers. Nowadays, however, with the trend toward cloud storage and the variety of internet services and social networks, there is a huge number of usernames and passwords both inside and outside the company. As a striking fact, the average citizen in the United States currently has about 150 usernames and passwords across private and business life.

Next we introduce 5 of the main attacks on identity in the workplace. These dangers leave many companies vulnerable because they are not aware of the many risks to which they are constantly exposed.

Broad-based phishing campaigns 

This type of attack is a broad-based phishing campaign that identifies which accounts, or which admin accounts, could compromise your organization. Credential theft through phishing is often the first stage of a cyber-attack chain. First, the attacker acquires a list of email addresses or phone numbers and crafts a generic call to action for them. Then, the message is distributed as broadly as possible and collects some credentials. Finally, the attacker uses the stolen credentials to access data for a more targeted attack on a high-value employee.

Spear phishing campaigns 

This attack involves more research to build the target list. Spear phishing focuses on a small number of employees to evade automated filters. It also uses a more sophisticated level of social engineering: more personal messages and a malicious call to action that plays on the user's emotions, such as curiosity, fear or rewards. The attacker picks targets by researching their social media or web presence, and can then craft a message pretending to be a colleague and referring to a specific situation. After that, the victim is expected to enter credentials out of curiosity or driven by his or her emotions. At last, the attacker uses the credentials of a high-value member of the company.

Credential stuffing 

Credential stuffing is a brute-force attack that takes advantage of passwords reused across various accounts. Users keep identical credentials across their accounts; according to the TeleSign Consumer Account Security Report, 73% of a user's passwords are duplicates. These attacks are carried out by bots. The anatomy of the attack starts with the attacker acquiring credentials from a website breach or a password dump site. Automated tools then test those credentials on different sites, and when a login succeeds, the attacker can reach sensitive data and execute another breach.

Password spraying 

This is also a form of brute-force attack, in which the attacker benefits from the tendency to use passwords such as "password1". The attacker takes a list of commonly used passwords that match the domain's password policy and tries each common password against many accounts, which helps him avoid detection. When the attacker gets a successful login, he will use the data and may execute another breach.
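Both credential stuffing and password spraying look the same in an authentication log: one source failing against many different accounts, only once or twice each, so a per-account lockout never fires. The added example below (not code from the original article) shows that blind spot on a constructed sample log and the per-source check that catches it; the log format, thresholds and IP addresses are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the article): "<timestamp> <source_ip> <user> <result>".
# 203.0.113.7 makes one guess against each of six accounts; 192.0.2.10 is a normal user.
SAMPLE_LOG = """\
2021-08-09T10:00:01 203.0.113.7 alice FAILURE
2021-08-09T10:00:02 203.0.113.7 bob FAILURE
2021-08-09T10:00:03 203.0.113.7 carol FAILURE
2021-08-09T10:00:04 203.0.113.7 dave FAILURE
2021-08-09T10:00:05 203.0.113.7 erin FAILURE
2021-08-09T10:00:06 203.0.113.7 frank SUCCESS
2021-08-09T10:30:00 192.0.2.10 alice FAILURE
2021-08-09T10:30:20 192.0.2.10 alice SUCCESS
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (SUCCESS|FAILURE)$")

def parse_auth_log(text):
    """Return (timestamp, source_ip, user, succeeded) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, user, result = m.groups()
            events.append((datetime.fromisoformat(ts), src, user, result == "SUCCESS"))
    return events

def accounts_hitting_lockout(events, max_failures=5):
    """Classic per-account control: users with at least max_failures failed attempts."""
    failures = defaultdict(int)
    for _, _, user, ok in events:
        if not ok:
            failures[user] += 1
    return {u for u, n in failures.items() if n >= max_failures}

def detect_horizontal_guessing(events, min_users=5, max_per_user=2, window=timedelta(minutes=15)):
    """Per-source control: one source failing against many distinct accounts, few tries
    each, inside a short window. Returns {source_ip: {"users": n, "compromised": [...]}}."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)
    alerts = {}
    for src, evs in by_src.items():
        evs.sort()
        failed = defaultdict(int)
        for _, _, user, ok in evs:
            if not ok:
                failed[user] += 1
        span = evs[-1][0] - evs[0][0]
        if len(failed) >= min_users and max(failed.values()) <= max_per_user and span <= window:
            alerts[src] = {"users": len(failed),
                           "compromised": sorted({u for _, _, u, ok in evs if ok})}
    return alerts
```

The "compromised" list names accounts where the same source eventually succeeded, which is where an incident responder starts.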

Man-in-the-middle attacks 

MitM is a highly targeted attack that could result in a full takeover of credentials and data in transit. After intercepting the connection, an attacker could exploit session hijacking by stealing the session token. The procedure starts when the attacker intercepts a network connection, for example by imitating a legitimate Wi-Fi access point. If the data is encrypted, the attacker will attempt to decrypt it by tricking the user into installing a malicious certificate. If the attack succeeds, the credentials may be stolen. Alternatively, the attacker steals the token, can authenticate into the account and execute another breach.

How to prevent these attacks 

Multi-factor authentication prevents phishing attacks by requiring a second factor when a user accesses sensitive corporate data or simply signs in to their systems. So, even if the attacker obtains your credentials, they will not be able to authenticate. It also prevents credential stuffing and password spraying, since stolen or weak credentials alone are not sufficient to gain access.

When MFA is paired with modern identity solutions, policies can be set against the use of compromised or common passwords that could make employees vulnerable. Finally, MFA is also able to prevent MitM attacks by ensuring that, even if credentials are stolen in transit, the second factor is still required to access the account. Even more sophisticated attacks that steal one-time passwords can be prevented by using stronger authenticators such as a U2F security key.
