Rise of the Identity Deception Attacks
In our most recent blog posts we’ve focussed on email fraud attacks and data breaches, and a common theme throughout has been the rise of identity deception attacks. In this post we look at the most common types of identity deception attacks your organisation needs to be aware of and how strengthening your identity and access management (IAM) can help to combat them.
In a recent study completed by security professionals, these were their top identity-related concerns [1]:
- 59% expansion of the user base to include non-employees
- 43% inconvenient authentication controls ignored/subverted
- 33% of IAM policies
- 29% reuse of the same passwords
- 24% stolen credentials
Attackers are aware of this too, and are utilising techniques that exploit these concerns:
1. Credential stuffing
A form of brute force attack that exploits the fact that users can find it difficult to create unique passwords across various accounts, or suffer from “password fatigue”. Many individuals have had their account credentials compromised as part of a data breach (recent examples include LinkedIn and Facebook). These attacks are carried out at scale by bots, which increases the chance of your organisation falling victim to them.
Attackers acquire credentials from a breach or password dump site, and automated tools then test these credentials across various sites. Once the attacker has gained access, they harvest data or execute the next stage of their attack.
2. Password spraying
Another form of brute force attack that relies on users choosing common and easy-to-predict passwords such as “password1”, which has appeared in data breaches over 2.3 million times [2]. Attackers will have a list of predictable passwords that match the complexity policy of the platform and then try those passwords across many different user accounts to help avoid being detected.
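A detection-side illustration of the two attacks above, added here and not taken from the original post: a per-account lockout counter misses one guess spread across many accounts, while counting distinct accounts failed per source in a sliding window catches it. The event layout, thresholds, IP addresses and sample data are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _build_sample():
    """Constructed events: (timestamp, source_ip, username, success)."""
    base = datetime(2021, 6, 1, 9, 0, 0)
    events = []
    # One source makes a single guess against 12 accounts, 20 seconds apart.
    for i in range(12):
        events.append((base + timedelta(seconds=20 * i),
                       "203.0.113.7", f"user{i:02d}", False))
    # A legitimate user mistypes a password three times, then logs in.
    for i in range(3):
        events.append((base + timedelta(seconds=30 * i),
                       "198.51.100.4", "alice", False))
    events.append((base + timedelta(seconds=95), "198.51.100.4", "alice", True))
    return sorted(events)

SAMPLE_EVENTS = _build_sample()

def per_account_lockouts(events, threshold=5):
    """Accounts a classic lockout rule flags: >= threshold failures on one account."""
    failures = defaultdict(int)
    for _, _, user, ok in events:
        if not ok:
            failures[user] += 1
    return {user for user, count in failures.items() if count >= threshold}

def spray_sources(events, window=timedelta(minutes=10), min_accounts=10):
    """Sources with failed logins on >= min_accounts distinct accounts in window.

    Returns {source_ip: peak number of distinct accounts seen in one window}.
    """
    recent = defaultdict(deque)  # ip -> failures (ts, user) still inside window
    flagged = {}
    for ts, ip, user, ok in events:
        if ok:
            continue
        queue = recent[ip]
        queue.append((ts, user))
        while queue and ts - queue[0][0] > window:
            queue.popleft()  # drop failures older than the window
        distinct = len({u for _, u in queue})
        if distinct >= min_accounts:
            flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged
```

On the sample data the lockout rule flags nothing, because no single account sees more than three failures, while the per-source rule flags the one address that touched twelve accounts.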
3. Man-in-the-middle attacks
Man-in-the-middle attacks work by intercepting network connections, often by utilising tools to imitate a legitimate Wi-Fi access point (e.g. a McDonald's or Starbucks Wi-Fi network). Once an individual is using this Wi-Fi connection, the attacker will attempt to extract credentials by tricking the user into submitting their details through a malicious certificate, which is able to monitor all the user’s inputs.
4. Broad-based phishing campaigns
A favourite amongst cybercriminals due to its low cost and ease of deployment. With even the simplest of social engineering and a list of email addresses, a phishing attack can successfully compromise 1 out of 20 employees [2].
These phishing attacks are broadly distributed and cybercriminals will wait to see which credentials are collected, using this stolen information to gain access to data or other logins to more high-value information.
5. Spear phishing campaigns
A targeted phishing attack on a high-value individual of an organisation. This requires a bit more research from the attacker to personalise the attack, but if successful the ROI can be much greater. Once an attacker has tricked a high-value target into giving their credentials they can sit within that individual’s environment for months, going unnoticed and gaining intel into their normal behaviour.
Specifically, there has been a rise in attackers impersonating Microsoft (70% of brand impersonation attacks [3]) in the form of password reset emails, gaining access to individuals’ Outlook accounts. Once access has been gained to an email account, cybercriminals are able to leverage this to reset passwords to other portals that give access to business-critical information and possibly execute the next stage of their attack.
Preventing identity attacks
One way an organisation can prevent these kinds of identity deception attacks is to implement Multi-Factor Authentication (MFA) across applications. Requiring a second factor, such as an authenticator app or linking a user’s login to their mobile, to access platforms that hold sensitive data means that even if an attacker has a user’s credentials they will not be able to authenticate. This also stops cybercriminals from utilising credential stuffing or password spraying techniques, as stolen or weak credentials will not be successful on their own. Utilising an MFA solution that allows your organisation to implement strict MFA policies across your applications is also advised.
Organisations should also consider deploying a Single Sign-On (SSO) solution. SSO allows you to centralise identity and access control by:
- Reliably integrating all your web and mobile application logins
- Unifying access for users to eliminate passwords and simplify access
- Creating a secure directory of users
- Gaining access to real-time security reporting, with geolocation tracking, by integrating with your SIEM.
To find out more about how InfoTrust can help strengthen your organisation’s identity access management contact us today on +61 2 9221 5555 or info@infotrust.com.au.
[1] Okta, “Using IAM in the Age of Megabreaches”
[2] Okta, “5 identity attacks that exploit your broken authentication” (blog)
[3] Agari, “Email Fraud and Identity Deception Trends Report”, Q1 2019