Cyber Explainer: Compromised Account

Countless record-setting data breaches started with this type of identity theft, which is so common because it's so effective


In this new series, “Cyber Explainer,” Interset breaks down the five most damaging types of threats facing enterprises, then details the five most effective cyberattack methods criminals use to exact them. For this second installment, we look at the compromised account, one of the most frequent precursors to a data breach. 

What It Means
In this era of malware, compromising an identity seems to be the easiest looting method. Attackers leverage user credentials, which are either stolen or hacked, for financial gain or to gain access to sensitive network data. This type of threat can target company employees and lead to consumer identity theft. Verizon’s 2017 Data Breach Investigations Report revealed, “Almost 65% of breaches involved the use of 100% stolen credentials.”

Where You’ve Seen It
Where to begin? Some of the largest hacks began with a compromised account. Yahoo’s 2014 breach was reportedly ignited by nation-state hackers accessing user accounts by creating forged “cookies.” Hackers allegedly breached Amazon’s third-party vendor accounts by purchasing credentials from previous attacks, such as the LinkedIn incident five years ago. And 2014’s Home Depot hack was set into motion by thieves stealing vendor log-in credentials.

How to Stop It
Account compromise is popular because it can easily elude detection. Identity Access Management (IAM) technology, used to confirm users, monitor permissions, and manage access, tends to fail because it’s often limited by rules and thresholds. In contrast, the key to detecting and eliminating stolen credentials lies in detecting behavioral changes. Security analytics is particularly adept at this. It pinpoints rogue behavior by baselining not just the activity of entities (users, files, networks, devices) but also how these entities interact with each other, thus enabling multidimensional risk visibility. When paired with machine learning, it’s transformational: processing billions of real-time events to give security teams a handful of validated leads.
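To make the contrast between a threshold rule and a behavioral baseline concrete, here is an added Python example (not Interset's code or product logic). It assumes a simple per-user rarity score over time of day, source host, and resource; the events, host names, and the 0.6 cutoff are all constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample history: (user, hour_of_day, source_host, resource, failed_logins)
HISTORY = [
    ("alice", 9, "wks-17", "crm", 0), ("alice", 10, "wks-17", "crm", 1),
    ("alice", 14, "wks-17", "wiki", 0), ("alice", 11, "wks-17", "crm", 0),
    ("bob", 22, "wks-04", "build", 0), ("bob", 23, "wks-04", "build", 0),
    ("bob", 21, "wks-04", "repo", 0),
]
DIMENSIONS = ("time_of_day", "host", "resource")

def features(event):
    """Map an event to the per-dimension values that get baselined."""
    _user, hour, host, resource, _failed = event
    return (hour // 6, host, resource)  # hour // 6: four 6-hour blocks per day

def build_baseline(history):
    """Per user, count how often each value of each dimension was seen."""
    baseline = defaultdict(lambda: {d: Counter() for d in DIMENSIONS})
    for event in history:
        for dim, value in zip(DIMENSIONS, features(event)):
            baseline[event[0]][dim][value] += 1
    return baseline

def static_rule(event, max_failed=5):
    """Threshold-style rule: fires only on a burst of failed logins."""
    return event[4] >= max_failed

def behavior_score(baseline, event):
    """Mean rarity across dimensions: 0 = always seen for this user, 1 = never seen."""
    user = event[0]
    if user not in baseline:
        return 1.0  # no history at all: treat as maximally unusual
    rarities = []
    for dim, value in zip(DIMENSIONS, features(event)):
        counts = baseline[user][dim]
        rarities.append(1 - counts[value] / sum(counts.values()))
    return sum(rarities) / len(rarities)

def triage(baseline, events, cutoff=0.6):
    """Return the events whose behavior score reaches the (assumed) cutoff."""
    return [e for e in events if behavior_score(baseline, e) >= cutoff]

# Constructed new events: a routine login, a mistyped-password burst, and a
# valid-password login from an unseen host, at an unseen time, to an unseen resource.
NEW_EVENTS = [("alice", 10, "wks-17", "crm", 0), ("alice", 9, "wks-17", "crm", 6),
              ("alice", 3, "vpn-ext-88", "build", 0)]
```

The threshold rule fires on the mistyped-password burst and stays silent on the third event, because a stolen password produces no failed logins; the baseline flags only that third event.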
