As a result of IBM X-Force’s findings, enterprises cannot distinguish between legitimate authentication and unauthorized access due to poor credential management. Several cybersecurity products are not designed to detect the misuse of valid credentials by illegitimate operators, and this is a major problem for organizations seeking to detect illegitimate uses.
Henderson added that these products do not detect illegitimate activity.
In addition to widespread credential reuse and a vast repository of valid credentials that are being sold on the dark web for sale, IBM also stated that cloud account credentials account for almost 90% of the assets for sale on the dark web, which is also fueling the rise of identity-based attacks.
The practice of credential reuse, Henderson said, can deliver the same results as single sign-on providers by allowing threat actors to gain access to a large number of accounts at once.
It is well known that because users reuse credentials for many, many different accounts, the credentials themselves become de facto single sign-on.
In the year 2023, the number of phishing campaigns that were linked to attacks declined by 44% from 2022 as threat actors flocked to valid credentials. Phishing accounted for almost one in three of the total number of incidents resolved by X-Force in 2016.
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: