Protecting Against Compromised Credentials

Sumit Singh
June 1, 2023


Compromised credential attacks are a popular vector used by cybercriminals to infiltrate organisations and launch cyberattacks; the resulting attacks can include stealing sensitive information, modifying data, or spreading malware. According to recent reports, many high-profile data breaches have resulted from attackers using previously compromised credentials. In fact, Verizon’s Data Breach Report 2022 reported compromised credentials to be the top cause of all data breaches.

As an ongoing and growing risk, it’s vital for organisations to prioritise access control and take proactive security measures to reduce the risk of credential theft. This means not only having email and endpoint solutions but also investing in partners that can share telemetry between these solutions to provide enhanced cybersecurity.


Credential theft is a type of cybercrime that involves stealing personal information, such as passwords, usernames, and financial data, to gain unauthorised access to online accounts or systems. By stealing credentials, attackers can impersonate legitimate users and gain access to sensitive data and workloads. Preventing credential theft is, therefore, crucial for securing cloud assets and protecting sensitive information from cyberattacks.


To be able to mitigate the risk of credential theft, it helps to understand how cybercriminals find credentials in the first place. There are three common methods that adversaries often turn to in order to get their hands on credentials:

  1. Credential Phishing - hackers will attempt to steal credentials by imitating a trusted party in an email or other communication channel. As credential phishing plays on trust, it’s incredibly effective. Email requests are well-timed, urgent in nature and link to recent correspondence. With a legitimate-sounding request seemingly coming from a legitimate source, the attacks can be incredibly hard to spot.
  2. Dark Web - every year, billions of user passwords, logins and other pieces of personal information are stolen and then advertised on the dark web, a collection of anonymous yet publicly available websites. All it takes then is for other hackers or identity thieves to purchase the information and use it for financial gain. To check if your data has been compromised in a data breach and may be accessible, you can use websites such as Have I Been Pwned (HIBP).
  3. Brute force attacks - this type of attack involves trying multiple password combinations using trial and error to gain unauthorised access to a system. Brute-force attacks are successful because many people use weak passwords. What’s more, with automated tools rapidly inputting millions of combinations, changing one character at a time, the chance of success is much higher than you’d think.
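The HIBP check mentioned under "Dark Web" can also be applied to passwords without ever sending the password itself: its Pwned Passwords range API accepts only the first five hex characters of the SHA-1 hash and returns every known-breached suffix sharing that prefix, so the client matches locally (k-anonymity). The example below is added here and is not code from the original post or from HIBP; the leaked-password set and breach counts are constructed so it runs offline, and `live_range_fetch` is an assumed helper that is not exercised.

```python
import hashlib
import urllib.request

# Constructed sample of "leaked" passwords and breach counts, standing in for
# the real Pwned Passwords corpus so the example runs without network access.
CONSTRUCTED_LEAKED = {"password": 3730471, "Passw0rd!": 52, "Summer2023": 9}

def sha1_hex_upper(password: str) -> str:
    """Uppercase hex SHA-1, the hash form used by the Pwned Passwords range API."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def split_hash(full_hash: str) -> tuple:
    """k-anonymity split: only the 5-character prefix ever leaves the client."""
    return full_hash[:5], full_hash[5:]

def parse_range_response(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines into a {suffix: count} map (padded entries are count 0)."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts

def fake_range_fetch(prefix: str) -> str:
    """Offline stand-in: builds the response the API would return for a prefix."""
    lines = []
    for pw, count in CONSTRUCTED_LEAKED.items():
        h = sha1_hex_upper(pw)
        if h[:5] == prefix:
            lines.append(f"{h[5:]}:{count}")
    return "\r\n".join(lines)

def live_range_fetch(prefix: str) -> str:
    """Assumed helper for a real query (not used by the offline checks): sends only the prefix."""
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"User-Agent": "credential-hygiene-check", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def breach_count(password: str, fetch_range=fake_range_fetch) -> int:
    """How many times the password appears in known breaches (0 = not found)."""
    prefix, suffix = split_hash(sha1_hex_upper(password))
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)
```

A non-zero count is a signal to reject the password at creation or reset time; the full hash and the plaintext never leave the client in either the offline or the live path.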


Compromised credentials can significantly increase the likelihood of cyber attacks on corporate networks and data theft. This can result in devastating consequences for businesses, including financial loss, reputational damage, and legal repercussions. Therefore, it is crucial to take steps to prevent credential compromise, including the following:

  • Enable MFA - multi-factor authentication (MFA) is a security measure that requires users to provide at least two pieces of evidence to authenticate their identity before they can access a system or application. This technique effectively raises the bar for attackers, as it makes it more challenging for them to gain access with a single password.
  • Update Passwords Regularly - regularly changing passwords reduces the risk of credentials being compromised in two ways. Firstly, it prevents people from using their personal or familiar passwords across their business accounts. Secondly, by limiting each password’s lifespan, it reduces the window of time during which a stolen password is valid.
  • Invest in Identity Theft Protection - identity theft protection technology offers visibility into attacks and anomalies by comparing live traffic against behaviour baselines and rules. By detecting attacks and lateral movement, creating dynamic risk profiles and offering real-time alerts, it puts organisations in a stronger position to secure their domains.
  • Invest in an AI-Based Behavioural Anomaly Detection Solution - by learning normal behaviour and patterns, this AI-based technology is able to detect emails originating from suspicious sources. Email content is analysed for suspicious text patterns, tones and malicious links as well as unusual IP addresses or locations. By ingesting thousands of signals from multiple sources, the API architecture is extremely adept at flagging anomalous URLs and abnormal behaviour.

Of course, the most effective way to defend against credential theft is to employ a combination of the measures above. In fact, it’s now possible to achieve bi-directional integration between certain providers of identity threat protection and behavioural anomaly detection. This helps security teams correlate meaningful events across identity, endpoint, and email and respond quickly to incidents in progress.


While enabling multi-factor authentication and adhering to good password management can prevent credential theft, there’s still a risk for every business. That’s why detection and remediation are such an important step; these technologies can stop compromised credentials from escalating into a cyber incident. What’s more, next-generation technology now uses bi-directional signals to deliver enhanced protection at both email and endpoint.

If you’d like to learn more about how you can prevent credential theft, including technology that you can implement to deliver enhanced security, get in touch with the cyber security experts at Infotrust today.