Last month, I opined on how to protect corporate credentials in the wake of the loss of 1.2 billion usernames and passwords to Russian hackers. I threw down a gauntlet and challenged all to answer why we can continue to allow these types of attacks on passwords to hurt our enterprises. Although many organizations have a policy that prohibits reusing corporate credentials on third-party sites, enterprises have found it difficult to enforce these policies. The headlines are full of high-profile breaches on leading websites, some of which have caused hundreds of millions of user accounts to be compromised.

Maybe we don’t fully understand the scope of the problem. Across the three major threat vectors used by cybercriminals to get corporate credentials, there has been significant activity. The following are some related statistics:

Exposure by Third-Party Site Hack

“Almost as soon as the Heartbleed vulnerability was released as an OpenSSL advisory, IBM Managed Security Services (MSS) witnessed attackers immediately retooling and exploiting the bug on a global scale. Once the major vendors of intrusion detection and prevention systems created protection signatures, MSS was able to see just how bad the situation had become. On 15 April 2014, MSS witnessed the largest spike in activity across the customer base with more than 300,000 attacks in a single 24-hour period, just one day later,” according to the IBM X-Force Threat Intelligence Quarterly 3Q 2014.

Exposure by Phishing

“The Anti-Phishing Working Group tracks the number of unique phishing websites. This is now determined by the unique base URLs of the phishing sites. There were 180,378 phishing sites that were observed in Q2. This is the second‑highest number of phishing sites detected in a quarter, eclipsed only by the 164,032 seen in the first quarter of 2012,” according to the APWG Phishing Activity Trends Report Q2 2014.

Exposure by Malware

“In 2013 alone, there were 30 million new malware strains in circulation, at an average of 82,000 per day. This has brought the grand total of all malware samples in PandaLabs’ database to approximately 145 million,” according to the Panda Annual Report 2013.

“In Q1 2014, the total malware sample count in the McAfee Labs ‘zoo’ broke the 200 million sample barrier,” according to the McAfee Report Q1 2014.

“Massively distributed malware originally designed for financial fraud has been used to target nonfinancial organizations in an APT-style attack. These include the infamous Zeus, SpyEye and Shylock families. Over time, malware developers extended the capabilities of these malware families and added advanced evasion techniques to turn them into sophisticated APT tools that can target organizations in general,” according to IBM Trusteer research.

Preventing the Theft of Corporate Credentials

Today, effectively preventing the theft of corporate credentials from advanced threats requires the following three essential capabilities:

  • Validating that corporate credentials are used only to log in to approved corporate applications, whether those applications are hosted internally or delivered by a software-as-a-service vendor, business partner or through the cloud.
  • Automatically preventing corporate credentials from being sent to unauthorized sites. This can help prevent users from submitting their credentials on phishing sites and stop the reuse of corporate credentials on unapproved third-party sites such as social networks.
  • Preventing malware from compromising the user systems and, in cases when malware avoids detection, helping prevent malware from communicating out to expose corporate credentials. This stops malware from communicating stolen credentials to a cybercriminal.
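
The first two capabilities come down to a destination check made before a corporate password leaves the endpoint. The sketch below is an added example, not code from this article or from any vendor product; the host names, the allowlist contents and the function names are all hypothetical.

```python
from urllib.parse import urlsplit

# Constructed policy: hosts approved to receive corporate credentials.
APPROVED_HOSTS = {"sso.corp.example", "mail.corp.example"}
# Constructed policy: SaaS parent domains whose subdomains are approved.
APPROVED_SUFFIXES = {"saas-vendor.example"}


def destination_host(url):
    """Return the normalized host a submission would reach, or None."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # drops userinfo and port, lowercases
    except ValueError:
        return None
    if parts.scheme != "https" or not host:
        return None  # never release credentials over cleartext
    try:
        # Punycode form, so a Unicode lookalike cannot equal an ASCII entry.
        return host.rstrip(".").encode("idna").decode("ascii")
    except UnicodeError:
        return None


def may_submit_corporate_credentials(url):
    host = destination_host(url)
    if host is None:
        return False
    if host in APPROVED_HOSTS:
        return True
    # Match on a label boundary only, so "evilsaas-vendor.example" fails.
    return any(host.endswith("." + s) for s in APPROVED_SUFFIXES)


# Constructed submission destinations, as an endpoint control might see them.
SAMPLE_SUBMISSIONS = [
    "https://sso.corp.example/login",
    "https://team1.saas-vendor.example/auth",
    "http://sso.corp.example/login",
    "https://sso.corp.example@phish.example/login",
    "https://sso.corp.example.phish.example/login",
    "https://social.example/login",
]


def blocked(urls):
    """Destinations where a corporate credential must not be sent."""
    return [u for u in urls if not may_submit_corporate_credentials(u)]
```

The decision is made on the parsed host rather than on the raw URL string, which is why the look-alike and embedded-userinfo destinations in the sample are refused along with the unapproved third-party site.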

What all of this tells me is that we are still waking up to how difficult and challenging it is to protect corporate credentials. So here is my challenge to you this month: Can we stop thinking of protecting corporate credentials as an impossible mission?
