In the wake of digital transformation, organizations are becoming increasingly vulnerable to malicious cyber-attacks such as credential harvesting. Last week we discussed the new and innovative ways that criminals are digitally attacking individuals and organizations alike. This week I want to dive deeper into credential harvesting. Credential harvesting is when attackers impersonate trusted websites or entities to gain access to user credentials, such as usernames, passwords, and credit card data.
Credential harvesting is one of the most prevalent cyberattacks used today, and it’s getting more sophisticated every day. Phishing attacks have become more targeted and convincing, and they now resort to various techniques to gain access to sensitive and confidential information. Organizations must stay ahead of such new threats and adapt their security measures to protect themselves from related cyber-attacks. This article will discuss credential harvesting, how phishing attacks have evolved, and how organizations can prevent these new-age cyberattacks and protect their critical information assets’ confidentiality, integrity, and availability.
Understanding Credential Harvesting
Credential harvesting is a cyber-attack that targets confidential information (usernames, passwords, PINs, etc.) and other digital credentials of users (one-time passwords, authentication codes, etc.). In other words, it is a malicious technique used by attackers to extract confidential data from unsuspecting victims, such as usernames, passwords, banking details, and credit card numbers.
Credential harvesting is typically done through phishing scams, wherein criminals send emails that appear to be from legitimate sources to entice the user to enter their credentials. In some cases, they use malware to access a user’s system, allowing them to acquire credentials without their knowledge. This type of attack has become increasingly prevalent in recent years as these criminals have become more sophisticated in their methods.
Types and Forms of Credential Harvesting Attacks
Criminals use numerous techniques and attack vectors to accomplish credential harvesting. Some of the most common types are:
Man-In-The-Middle Attack
In a Man-in-the-middle (MITM) attack, an adversary positions themselves digitally between two legitimate endpoints of a communication path. For credential harvesting, the attacker tries to gain access to sensitive user credentials, such as usernames and passwords or even two-factor authentication codes, by ‘eavesdropping’ on the communication. MITM attacks can be accomplished through various techniques, including IP spoofing, ARP (Address Resolution Protocol) poisoning, and DNS cache poisoning.
Whaling
Whaling is a form of phishing that targets high-profile individuals such as celebrities or CEOs of large organizations. Its CEO Fraud variant has become a significant security concern for businesses as such attacks have become increasingly prevalent. In a CEO Fraud attack, a criminal impersonates a high-level executive, such as a CEO, CFO, or other corporate leader, to gain access to confidential information or financial resources. It is typically done by sending a phishing email containing malicious links or attachments that, when clicked, give the attacker access to the target’s credentials.
Business Email Compromise (BEC)
BEC attacks are a form of business-targeted fraud in which attackers use social engineering tactics to gain access to an organization’s corporate email accounts. They then impersonate executives or employees to solicit payments or confidential information, or send fake emails that appear to come from a trusted supplier or third party.
The attackers also use the compromised accounts to send convincing emails to the organization’s customers, partners, or suppliers to deceive them into making payments or sharing confidential information.
Preventing New Age Cyber Attacks Such as Credential Harvesting
Organizations must consider credential harvesting with the seriousness it deserves. They must take the necessary precautions and implement the robust security measures described below to thwart the threat in time.
Security Awareness and Training
Raising awareness of the threat of credential harvesting is critical to defending against it. Training enables individuals and organizations to identify and respond to malicious activities before they can do any actual harm. Individuals must understand the risks associated with credential harvesting, how it is perpetrated, and the steps they should take to protect their personal and organizational information.
Phishing Education
Phishing education involves educating users on the ill effects of phishing attacks and equipping them with the knowledge to identify and avoid them. It can include examples of common phishing attacks, such as spoofed emails and malicious links. It is also important to emphasize the importance of not sharing passwords or other sensitive information over the Internet.
Additionally, users should be aware of the potential for credential harvesting attempts via social engineering and should be encouraged to avoid clicking on suspicious links or downloading malicious attachments.
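As an added example, not part of the original article, the following Python script applies the lures described above (spoofed sender domains and deceptive links) as automated checks over the links in a message body. The trusted-domain list and the sample e-mail are constructed; the three checks flag a trusted name buried as a subdomain of another domain, a typosquatted lookalike, and anchor text that shows a trusted URL while the href points elsewhere.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

# Domains the organization legitimately uses (constructed for this example).
TRUSTED_DOMAINS = ["login.example-bank.com", "example-bank.com"]

# Constructed HTML body standing in for a suspected phishing e-mail.
SAMPLE_EMAIL = """<p>Your account is locked. Verify now:</p>
<a href="http://example-bank.com.verify-login.info/auth">https://login.example-bank.com</a>
<a href="https://examp1e-bank.com/reset">Reset password</a>
<a href="https://login.example-bank.com/help">Help centre</a>"""

LINK_RE = re.compile(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def registrable(host):
    """Crude eTLD+1 (last two labels); assumes no multi-part public suffixes."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:])

TRUSTED_REGISTRABLE = sorted({registrable(d) for d in TRUSTED_DOMAINS})

def analyse_link(href, text):
    """Return the list of reasons a link looks like a credential-harvesting lure."""
    host = (urlparse(href).hostname or "").lower()
    if registrable(host) in TRUSTED_REGISTRABLE:
        return []  # genuinely one of ours
    reasons = []
    # 1. our name embedded as a subdomain of someone else's registrable domain
    if any((t + ".") in host for t in TRUSTED_DOMAINS):
        reasons.append("trusted-domain-as-subdomain")
    # 2. near-miss spelling (typosquat) of one of our registrable domains
    for t in TRUSTED_REGISTRABLE:
        if 0.85 <= SequenceMatcher(None, registrable(host), t).ratio() < 1.0:
            reasons.append("lookalike:" + t)
            break
    # 3. anchor text shows a trusted URL while the href points elsewhere
    shown = urlparse(text.strip()).hostname
    if shown and registrable(shown) != registrable(host):
        reasons.append("display-text-mismatch")
    return reasons

def scan_email(html):
    """Map every href in the message body to its list of reasons (empty = clean)."""
    return {href: analyse_link(href, text) for href, text in LINK_RE.findall(html)}
```

The same checks can be used in awareness training to show users concretely what a spoofed link looks like, and in a mail gateway to quarantine messages whose links raise any reason.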
Using Multi-Factor Authentication (MFA)
Multi-factor authentication is a security measure requiring a user to provide additional authentication factors beyond their username and password. It can include a one-time code sent via SMS or email, a physical security key, or biometric authentication such as fingerprints or voice recognition. Using biometric authentication ensures the authorized user is who they say they are.
Risk-Based Access Control
Using risk-based access control, an organization can implement an authentication and authorization system that weighs the risk of each access attempt against known threats and vulnerabilities. Such a system can prevent criminals from reaching restricted resources and can identify and block malicious activity. A robust IAM (Identity and Access Management) system built on the ‘least privilege’ and ‘need to know’ principles can restrict suspicious behavior and take preventive action immediately.
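The following Python example, added here and not taken from the article, shows one way such a risk-based decision can be made. The user baseline, role grants and login scenarios are constructed; the scoring weights and thresholds are illustrative assumptions. Each attempt is scored on signals typical of replayed harvested credentials (new device, new country, a burst of failures, impossible travel), then combined with a least-privilege role check to produce allow, step-up MFA, deny or block.

```python
from datetime import datetime, timedelta

# Learned per-user baseline, role grants and resource entitlements (constructed sample data).
BASELINE = {"alice": {"devices": {"dev-a1"}, "countries": {"US"}, "roles": {"finance-viewer"}}}
RESOURCE_ROLES = {"expense-reports": {"finance-viewer", "finance-admin"},
                  "payroll-export": {"finance-admin"}}

def score_attempt(user, attempt, last_login=None, recent_failures=0):
    """Score a login; higher means more likely someone replaying harvested credentials."""
    base = BASELINE.get(user)
    if base is None:
        return 100, ["unknown-user"]
    signals = [
        ("new-device", 30, attempt["device"] not in base["devices"]),
        ("new-country", 30, attempt["country"] not in base["countries"]),
        ("credential-stuffing", 40, recent_failures >= 5),
        # impossible travel: a different country within two hours of the previous login
        ("impossible-travel", 50, last_login is not None
            and last_login["country"] != attempt["country"]
            and attempt["time"] - last_login["time"] < timedelta(hours=2)),
    ]
    hits = [(name, weight) for name, weight, fired in signals if fired]
    return sum(w for _, w in hits), [n for n, _ in hits]

def decide(user, attempt, resource, last_login=None, recent_failures=0):
    """Combine risk score and role entitlement into allow / step-up-mfa / deny / block."""
    score, reasons = score_attempt(user, attempt, last_login, recent_failures)
    if score >= 70:
        return "block", reasons  # too risky to let even an MFA prompt proceed
    roles = BASELINE.get(user, {}).get("roles", set())
    if not roles & RESOURCE_ROLES.get(resource, set()):
        return "deny-unauthorized", reasons  # least privilege: no role grants this resource
    if score >= 30:
        return "step-up-mfa", reasons  # unusual but plausible: demand a second factor
    return "allow", reasons

def demo():
    """Constructed scenarios; returns the decision for each."""
    t0 = datetime(2023, 2, 19, 9, 0)
    usual = {"device": "dev-a1", "country": "US", "time": t0}
    prior = {"country": "US", "time": t0 - timedelta(minutes=30)}
    stolen = {"device": "dev-x9", "country": "BR", "time": t0}
    return {
        "usual": decide("alice", usual, "expense-reports"),
        "wrong-resource": decide("alice", usual, "payroll-export"),
        "new-device": decide("alice", {**usual, "device": "dev-x9"}, "expense-reports"),
        "stolen-creds": decide("alice", stolen, "expense-reports", last_login=prior),
    }
```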
Early Prediction, Detection, and Mitigation Capabilities
One of the significant advantages of using AI-based anti-malware solutions is that they can detect the threat early, enabling easy identification and prompt mitigation before it becomes a significant cyber incident.
AI-based tools can maintain an extensive database of identified threats, which makes it easier for organizations to predict cybersecurity threat trends and put corrective measures in place against new and advanced threats.
Credential Vaulting
Credential vaulting is an effective method for protecting against this attack, as it provides a centralized and secure repository for storing and managing credentials. Credential vaulting works by keeping credentials encrypted on a server and allowing users to access them through a secure interface.
These vaults can store passwords in such a way that the user never sees the password itself but can only use it, and only when they hold the required access rights. When a user attempts to access a website or application with a vaulted credential, the request is securely passed to the vault, which verifies the user’s authority and then performs the login on their behalf.
Continuously Improving Enterprise IT Security
Continuous improvement includes implementing current security technologies, such as firewalls, intrusion detection and prevention systems, and encryption. Additionally, organizations should establish and enforce policies and procedures so that employees know their roles in safeguarding data and networks. Regular monitoring of the organization’s networks and systems also helps detect suspicious activity early, allowing the organization to take appropriate action.
Specialized MSSP (Managed Security Service Provider)
An MSSP provides a comprehensive suite of services to protect against cyber threats, including threat monitoring, security testing and analysis, incident response, and more. By taking advantage of an MSSP’s services, organizations can promptly detect, respond to, and mitigate cyber risks. Additionally, MSSPs can provide organizations with the capability to quickly identify and react to new-age cyber-attacks that may be difficult to detect and combat.
Credential harvesting is a severe problem that organizations must be aware of and prepared to encounter. It is one of the easiest attacks for criminals to perform, and arguably one of the easiest to prevent. It may not be possible to prevent the most sophisticated attacks. However, with proper training, security tools, and preventive measures, organizations can minimize their exposure to credential harvesting attacks.
Organizations should also have a plan to minimize the damage and quickly restore their systems and data in case of an attack. By staying informed about the changing threat landscape and up-to-date on mitigating tactics, organizations can remain proactive in preventing criminals from gaining access to organizational data.
Chris Luque
Identity & Access Management Practice Lead