惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

酷 壳 – CoolShell
酷 壳 – CoolShell
H
Hacker News: Front Page
P
Palo Alto Networks Blog
T
ThreatConnect
Apple Machine Learning Research
Apple Machine Learning Research
博客园_首页
T
True Tiger Recordings
P
Privacy & Cybersecurity Law Blog
B
Blog
IT之家
IT之家
Last Week in AI
Last Week in AI
F
Full Disclosure
Hacker News: Ask HN
Hacker News: Ask HN
C
Comments on: Blog
Microsoft Azure Blog
Microsoft Azure Blog
C
Cybersecurity and Infrastructure Security Agency CISA
Microsoft Security Blog
Microsoft Security Blog
博客园 - 【当耐特】
N
News and Events Feed by Topic
NISL@THU
NISL@THU
腾讯CDC
雷峰网
雷峰网
Security Latest
Security Latest
李成银的技术随笔
M
Microsoft Research Blog - Microsoft Research
L
LangChain Blog
L
Lohrmann on Cybersecurity
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
C
Check Point Blog
Y
Y Combinator Blog
Recent Announcements
Recent Announcements
博客园 - Franky
N
News | PayPal Newsroom
V
V2EX
A
About on SuperTechFans
The Register - Security
The Register - Security
月光博客
月光博客
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Google Online Security Blog
Google Online Security Blog
MyScale Blog
MyScale Blog
Cisco Talos Blog
Cisco Talos Blog
Vercel News
Vercel News
WordPress大学
WordPress大学
C
Cyber Attacks, Cyber Crime and Cyber Security
The Hacker News
The Hacker News
IntelliJ IDEA : IntelliJ IDEA – the Leading IDE for Professional Development in Java and Kotlin | The JetBrains Blog
IntelliJ IDEA : IntelliJ IDEA – the Leading IDE for Professional Development in Java and Kotlin | The JetBrains Blog
爱范儿
爱范儿
A
Arctic Wolf
L
LINUX DO - 最新话题
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More

WeLiveSecurity

The quest for greater tech independence Why geopolitical turmoil is a gift for scammers, and how to stay safe FrostyNeighbor: Fresh mischief and digital shenanigans Eyes wide open: How to mitigate the security and privacy risks of smart glasses Fake call logs, real payments: How CallPhantom tricks Android users Fixing trivial passwords is as easy as 123456 A rigged game: ScarCruft compromises gaming platform in a supply-chain attack This month in security with Tony Anscombe – April 2026 edition The calm before the ransom: What you see is not all there is GopherWhisper: A burrow full of malware New NGate variant hides in a trojanized NFC payment app Ransomware’s back office: What the ransom note won’t say Why that next data breach alert could be a trap Supply chain dependencies: Have you checked your blind spot? Recovery scammers hit you when you’re down: Here’s how to avoid a ‘second strike’ As breakout time accelerates, prevention-first cybersecurity takes center stage Digital assets after death: Managing risks to your loved one’s digital estate This month in security with Tony Anscombe – March 2026 edition RSAC 2026 wrap-up – Week in security with Tony Anscombe A cunning predator: How Silver Fox preys on Japanese firms this tax season Virtual machines, virtually everywhere – but not all protected Cloud workload security: Mind the gaps Move fast and save things: A quick guide to recovering a hacked account EDR killers explained: Beyond the drivers Face value: What it takes to fool facial recognition Cyber fallout from the Iran war: What to have on your radar Sednit reloaded: Back in the trenches What cybersecurity actually does for your business How SMBs use threat research and MDR to build a defensive edge Protecting education: How MDR can tip the balance in favor of schools This month in security with Tony Anscombe – February 2026 edition Mobile app permissions (still) matter more than you may think Faking it on the phone: How to tell if a voice call is AI or not PromptSpy ushers in the era of Android threats using GenAI Is Poshmark safe? How to buy and sell without getting scammed Is it OK to let your children post selfies online? Naming and shaming: How ransomware groups tighten the screws on victims Taxing times: Top IRS scams to look out for in 2026 OfferUp scammers are out in force: Here’s what you should know A slippery slope: Beware of Winter Olympics scams and other cyberthreats This month in security with Tony Anscombe – January 2026 edition DynoWiper update: Technical analysis and attribution Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan Drowning in spam or scam emails lately? Here’s why ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025 Children and chatbots: What parents should know Common Apple Pay scams, and how to stay safe Old habits die hard: 2025’s most common passwords were as predictable as ever Why LinkedIn is a hunting ground for threat actors – and how to protect yourself Is it time for internet services to adopt identity verification? Your information is on the dark web. What happens next? Credential stuffing: What it is and how to protect yourself This month in security with Tony Anscombe – December 2025 edition A brush with online fraud: What are brushing scams and how do I stay safe? Revisiting CVE‑2025‑50165: A critical flaw in Windows Imaging Component LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan ESET Threat Report H2 2025 Black Hat Europe 2025: Was that device designed to be on the internet at all? Black Hat Europe 2025: Reputation is currency – even in the ransomware economy Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece The biggest catch: How whaling attacks target top executives Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture MuddyWater: Snakes by the riverbank Oversharing is not caring: What’s at stake if your employees post too much online This month in security with Tony Anscombe – November 2025 edition What parents should know to protect their children from doxxing Influencers in the crosshairs: How cybercriminals are targeting content creators MDR is the answer – now, what’s the question? The OSINT playbook: Find your weak spots before attackers do PlushDaemon compromises network devices for adversary-in-the-middle attacks What if your romantic AI chatbot can’t keep a secret? Can password managers get hacked? Here’s what to know Why shadow AI could be your biggest security blind spot In memoriam: David Harley The who, where, and how of APT attacks in Q2 2025–Q3 2025 ESET APT Activity Report Q2 2025–Q3 2025 Sharing is scaring: The WhatsApp screen-sharing scam you didn’t see coming How social engineering really works | Unlocked 403 cybersecurity podcast (S2E6) Ground zero: 5 things to do after discovering a cyberattack This month in security with Tony Anscombe – October 2025 edition Fraud prevention: How to help older family members avoid scams Cybersecurity Awareness Month 2025: When seeing isn't believing Recruitment red flags: Can you spot a spy posing as a job seeker? How MDR can give MSPs the edge in a competitive market Cybersecurity Awareness Month 2025: Cyber risk thrives in the shadows Gotta fly: Lazarus targets the UAV sector SnakeStealer: How it preys on personal data – and how to stay safe Cybersecurity Awareness Month 2025: Building resilience against ransomware Minecraft mods: When ‘hacking’ your game becomes a security risk IT service desks: The security blind spot that may put your business at risk Cybersecurity Awareness Month 2025: Why software patching matters more than ever AI-aided malvertising: How chatbots can help spread scams How Uber seems to know where you are – even with restricted location permissions Cybersecurity Awareness Month 2025: Passwords alone are not enough The case for cybersecurity: Why successful businesses are built on protection Beware of threats lurking in booby-trapped PDF files Manufacturing under fire: Strengthening cyber-defenses amid surging threats New spyware campaigns target privacy-conscious Android users in the UAE Cybersecurity Awareness Month 2025: Knowledge is power
Are cybercriminals hacking your systems – or just logging in?
2025-09-11 · via WeLiveSecurity

Business Security

As bad actors often simply waltz through companies’ digital front doors with a key, here’s how to keep your own door locked tight

11 Sep 2025  •  , 5 min. read

Are cybercriminals hacking your systems – or just logging in?

Why break a door down and set the house alarm off when you have a key and a code to walk in silently? This is the rationale behind a trend in cybersecurity where adversaries are increasingly looking to steal passwords, and even authentication tokens and session cookies to bypass MFA codes so they can access networks by masquerading as legitimate users.

According to Verizon, “use of stolen credentials” has been one of the most popular methods for gaining initial access over recent years. The use of stolen credentials appeared in a third (32%) of data breaches last year, its report notes. However, while there are several ways threat actors can get hold of credentials, there are also plenty of opportunities to stop them.

Why credentials are ground zero for cyberattacks

According to one estimate, over 3.2 billion credentials were stolen from global businesses in 2024, a 33% annual increase. With the access these provide to corporate accounts, threat actors can effectively slip into the shadows while plotting their next move. This might involve some more advanced forms of criminal exploitation, for example:

  • Conducting network reconnaissance: looking for data, assets and user permissions to go after next
  • Escalating privileges, e.g. via vulnerability exploitation, in order to move laterally to reach those high-value data stores/systems
  • Covertly establishing communications with a command-and-control (C2) server, to download additional malware from and exfiltrate data  

By working through these steps, an adversary could also carry out highly successful ransomware and other campaigns.

How they get hold of passwords

Threat actors have developed various ways to compromise your employees’ corporate credentials or, in some cases, even their MFA codes. They include:

  • Phishing: Emails or texts spoofed to appear as if sent from an official source (i.e., the IT department, or a tech supplier). The recipient will be encouraged to click on a malicious link taking them to a fake login page (i.e., Microsoft).
  • Vishing: A variation on the phishing theme, but this time a victim receives a phone call from the threat actor. They may impersonate the IT helpdesk and request the victim hands over a password or enroll a new MFA device as part of some fictitious back story. Or they could call the helpdesk claiming to be an executive or employee who needs an urgent password reset to get their job done.
  • Infostealers: Malware designed to harvest credentials and session cookies from the victim’s computer/device. It might arrive via a malicious phishing link/attachment, a compromised website, a booby-trapped mobile app, a social media scam or even an unofficial games mod. Infostealers are thought to have been responsible for 75% of compromised credentials last year.
  • Brute-force attacks: These include credential stuffing, where adversaries try previously breached username/password combos against corporate sites and apps. Password spraying, meanwhile, leverages commonly used passwords across different sites. Automated bots help them to do so at scale, until one finally works.
  • Third-party breaches: Adversaries compromise a supplier or partner which stores credentials for its clients, such as an MSP or a SaaS provider. Or they buy up troves of already breached login “combos” to use in subsequent attacks.
  • MFA bypass: The techniques include SIM swapping, MFA prompt bombing that overwhelms the target with push notifications in order to cause “alert fatigue” and elicit a push approval, and Adversary-in-the-Middle (AitM) attacks where attackers insert themselves between a user and a legitimate authentication service to intercept MFA session tokens.

The past few years have been awash with real-world examples of password compromise leading to major security incidents. They include:

  • Change Healthcare: In one of the most significant cyberattacks of 2024, the ransomware group ALPHV (BlackCat) crippled Change Healthcare, a major U.S. healthcare technology provider. The gang leveraged a set of stolen credentials to remotely access a server that did not have multifactor authentication (MFA) turned on. They then escalate their privileges and moved laterally within the systems and deployed ransomware, which ultimately led to an unprecedented disruption of the healthcare system and the theft of sensitive data on millions of Americans.
  • Snowflake: Financially motivated threat actor UNC5537 gained access to the Snowflake customer database instances of multiple clients. Hundreds of millions of downstream customers were impacted by this massive data theft extortion campaign. The threat actor is thought to have accessed their environments via credentials previously stolen via infostealer malware. 

Keep your eyes peeled

All of which makes it more important than ever to protect your employees’ passwords, make logins more secure, and monitor the IT environment more closely for the tell-tale signs of a breach.

Much of this can be achieved by following a Zero Trust approach based around the tenet: never trust, always verify. It means adopting risk-based authentication at the “perimeter” and then at various stages within a segmented network. Users and devices should be assessed and scored based on their risk profile, which can be calculated from time and location of login, device type, and session behavior. To bolster your organization’s protection from unauthorized access and to ensure compliance with regulations, rock-solid multi-factor authentication (MFA) is also a non-negotiable line of defense.

You should complement this approach with updated training and awareness programs for employees, including real-world simulations using the latest social engineering techniques. Strict policies and tools preventing users from visiting risky sites (where infostealers might lurk) are also important, as is security software on all servers, endpoints and other devices, and continuous monitoring tools to spot suspicious behavior. The latter will help you to detect adversaries that may be inside your network courtesy of a compromised credential. Indeed, organizations also need to have a way of reducing the damage a compromised account can do, for example by following the principle of least privilege. Finally, dark web monitoring can help you check if any enterprise credentials are up for sale on the cybercrime underground.

More broadly, consider enlisting the help of an expert third party via a managed detection and response (MDR) service. especially if your company is short on resources. In addition to lower total cost of ownership, a reputable MDR provider brings subject-matter expertise, round-the-clock monitoring and threat hunting, and access to analysts who understand the nuances of credential-based intrusions and can also accelerate incident response if compromised accounts are detected.

Let us keep you
up to date

Sign up for our newsletters

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。