Compromised Credentials and Breaches: How It Affects Your Business

Small businesses have been a lucrative target for cybercriminals. And for obvious reasons such as lack of

✅ Security resources

✅ Financial resources

✅ Expertise in the security field

✅ Cyber insurance

The above-mentioned reasons make small businesses susceptible to various cybercrimes like phishing and social engineering attacks, among others.

Through these attacks, the threat actors steal your organization’s credentials. Once they obtain these credentials, the threat actor can launch various attacks to steal your information.

Before I venture ahead, let me throw some light on compromised credentials and compromised credentials attacks.

What Are Compromised Credentials Attacks?

When an unauthorized person or an entity unlawfully gains your login details (usernames, passwords, API keys, or tokens), it is known as compromised credentials.

When threat actors use a list of those compromised credentials to deploy cyber-attacks by login attempts into a wide range of online accounts, it is known as a compromised credential attack.

A compromised credentials attack is one of the most common techniques used by threat actors targeting small businesses. And it can have disastrous consequences.

Picture this:

In 2023, users' credentials were the most commonly compromised data category in data breaches involving small businesses, with about 54% compromised.

Per the Verizon DBIR report, stolen or compromised credentials are the root of over 50%) of all breaches.

Compromised Credential: Why Are They Valuable to Cybercriminals?

For various reasons, your customers’ credentials are a lucrative commodity in the dark net market.

📍Credentials are easier and cheaper to lay hands on.

📍They don’t require much effort from novice threat actors to get their hands on.

📍The credentials can be developed and abused in a variety of other fraudulent activities, such as spam, financial fraud, and acquiring additional data and personally identifiable information (PII).

📍 They are acquired through users' poor password hygiene.

For these reasons, users’ credentials are valuable commodities for bad actors.

Common Credentials Attack Methods to Watch Out For

While numerous credentials attacks exist, these three are the most prominent and common.

Brute Force Attacks

In this technique, attackers repeatedly guess login credentials using common password lists. While this is not a compromised credentials attack, it is a credential attack. Reason: They are using various permutations and combinations to guess your credentials.

Credential Stuffing Attacks

Similar to a brute force attack, the difference is in the techniques used by attackers. Threat actors use the stolen credentials combination to see which one works for a specific website.

Dictionary Attacks

As the name suggests, attackers use words from the dictionary to figure out the combinations needed to log in to your account. They use the words in combination with common usernames, such as admin, manager, user, IT admin, and others.

Risks Associated with Compromised Credentials Attacks

Compromised credentials pose similar risks as those posed by credentials takeover. Here are some of the prominent ones.

📌 You can be locked out of your account. Yes, that’s a reality.

📌 Your personal or financial information can be stolen and used for malicious purposes.

📌 They can deface your account or webpage. In simple words, they can delete your information and fill it with their content.

📌 They can also modify your information to make you appear as a criminal.

📌 In the worst-case scenario, they can shut down your account. And make it difficult for you to reopen the account.

📌 Your credentials are a lucrative community on the dark web, and this is where you can find your credentials being sold.

How to Protect Your SMB Against Compromised Credentials Attacks

Here are a few ways you can guard your small business against compromised credential attacks.

✅ Enforce the use of multi-factor authentication (MFA) among your employees, clients, and customers. Reason: Human error is the cause behind stolen credentials (More details on this in my blog, Human Error), and MFA can help mitigate that error.

✅ Ban previously compromised passwords by not letting users set the same password again and prompting them to choose another one. To find out which ones were compromised earlier, you can visit the website haveibeenpwned.com and get the list of compromised credentials.

✅ CAPTCHAs are another way to prevent compromised credentials attacks. A user may be required to solve a CAPTCHA quiz to authenticate their login rights.

✅ AI-based Intrusion Detection System (IDS) can help you detect any anomalies in logging activities, and you can prevent access there and then.

✅ A list of blocked IP addresses is another way to restrict the access of threat actors who want to steal your users’ credentials.

Final Words

In the end… Remember this.

Your reliance on passwords and other weak authentication methods will always keep you susceptible to compromised credentials attacks.

So, to defend your business against compromised credentials, your business goal must be to

🎯 Make it as difficult as possible for criminals to steal the credentials.

🎯 Slow down the process to as much level as possible.