Cybercriminals are becoming increasingly adept at using user identities to commit cybercrimes. A whopping 80% of breaches involve the use of compromised or stolen identities. These types of attacks are difficult to detect, making it critical that you understand what types of identity-based attacks are out there and how to defend yourself against them.
What Is an Identity-Based Attack?
An identity-based attack is an attack where a cybercriminal accesses a device, network, or system using stolen credentials. The attacker can then masquerade as the user, making it difficult to detect the attack.
Types of Identity-Based Attacks
There are several types of identity-based attacks to be aware of. If you are the target of such an attack, knowing what type it is will help you defend against it. Let’s take a look at the most common types of identity-based attacks.
Phishing
Phishing is a type of attack in which the attacker will pose as a genuine person or organization and reach out via email, text message, or instant message. The goal is to convince you to divulge sensitive or personal information or credentials that will make it possible for them to access restricted accounts. The information these attackers typically go for includes personally identifiable information such as financial account information and account passwords.
The communication requesting this information will create a sense of urgency, prompting the target to send the required information quickly. There may also be hyperlinks to click or documents to open that can contain malware that puts your system at greater risk.
Credential Stuffing
This is a type of identity-based attack where the attacker takes stolen credentials from one system and uses them to try to access another system. They can acquire these credentials through phishing or purchase them via the dark web. The sophistication of today’s technology means that the attacker can use automation or bots to try to log into more than one account using the stolen credentials. Once they get into the system, they can steal additional sensitive information.
Man-in-the-Middle Attack
A Man-in-the-Middle attack is a way for a cybercriminal to eavesdrop on your communications. They can set themselves up between our communication point and the communication point of the intended recipient. They can then intercept your communication in transit and steal sensitive or confidential information. They can also remove the data in the transmission and replace it with malicious data, which the recipient thinks is legitimate because the message came from someone they know.
Password Spraying
Password spraying is a way for attackers to access a system or network by using a common password with multiple usernames. Since users commonly have failed password attempts when logging in, any attempts by the attacker that fail won’t be detected because they will look like legitimate failed attempts. And since the attacker uses commonly used passwords and passphrases, there is a good chance they will work with at least one username, granting the attacker access to the system.
Pass-the-Hash Attack
Every password has a hashed copy, which is like its blueprint. When an attacker obtains this hashed copy, typically through access to the user’s account, they can then use it to access the entire system just as easily as if they had the actual password.
Golden Ticket Attack
With this type of attack, the attacker will gain unlimited access to an organization’s domain through data stored in the Active Directory (AD). All the attacker needs to accomplish this is the domain name and security identifier, the password hash, and the username on the account.
Silver Ticket Attack
When an attacker acquires a stolen password, they can use it to forge an authentication ticket that will grant them access to specific services. This allows the attacker to run code that appears to come from the targeted local system, allowing them to elevate their privileges so they can move within the compromised system or create a golden ticket.
Best Practices to Protect Against Identity-Based Attacks
Fortunately, there are steps you can take to protect your organization from identity-based attacks. This means bringing your entire team on board so everyone knows how to mitigate the threat. Here are some best practices to follow.
Create a Culture of Awareness
Your people are your front line of defense. Even if you have the best policies, procedures, and technology, one wrong click from someone can give an attacker access to your system or network. It is critical that you educate your employees on how to recognize a potential attack and what to do about it.
Have a Strong Password Policy
Implement and enforce a password policy that requires employees to create strong passwords that are not easy to guess or crack with software. There should be a unique password for each account, and each password should be long and complicated, with a combination of upper- and lower-case letters, numbers, and special symbols.
Deactivate Accounts That Are No Longer Used
Accounts that are no longer used can easily be left active yet abandoned. These are easy ways into your system for attackers. Keep a spreadsheet of all accounts on your system and deactivate and delete an account as soon as it is no longer needed.
Use Multi-factor Authentication
Requiring all users to use multifactor authentication will help protect you from attackers accessing your system. Even if they manage to steal a user’s login credentials, multifactor authentication will prevent them from getting in because they will be less likely to have access to the other means of identity and access verification.
Implement the Concept of Least Privilege
Least privilege access control only allows those users access who need it and only when they need it. This limits the number of users who can access a system, preventing even legitimate users from gaining access if it’s not necessary.
Identity-based attacks are just one of the many types of cyberattacks that can seriously damage an organization. Act now to limit your risk of an identity-based attack.
Connect with Platinum Technologies today to learn more about identity-based attacks and how we can help you protect against them.
