9/2/2020
11:30 AM
Jai Vijayan
5 Tips for Triaging Risk from Exposed Credentials

Not all exposed usernames and passwords present a threat. Here's how to quickly identify the ones that do.
2 of 6

Validate Whether the Credentials Belong to Current Employees

Underground markets are awash in employee credentials, both usernames with associated passwords and usernames alone. The study that Digital Shadows conducted, for instance, found that food and beverage organizations on average had over 87,350 credentials exposed; education and technology organizations had an average of around 48,000 employee credentials available online.

But not all of them pose a risk. If the user has left the organization, it's unlikely that his credentials would be active. Similarly, if a password does not match the current password format, it's unlikely that an attacker could use it to gain access to internal systems. Asking these questions is fundamental to ensuring the security team doesn't end up resetting passwords that no longer present a threat, Marriott says.

"Security teams may have their own scripts to look to validate credentials and assess whether they meet the password or email format," he says. "Alternatively, the rise of security orchestration, automation, and response [SOAR] platforms provides additional ways for teams to automate these actions."
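The kind of validation script described above might look like the following. This is an added example, not code from Digital Shadows or the article. The corporate domain, the password policy values, the three verdict labels, and the sample records are all assumptions made for illustration.

```python
import re

# Assumed values for illustration: corporate domain and current password policy.
CORP_DOMAIN = "example.com"
MIN_LENGTH = 12
REQUIRED_CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
EMAIL_RE = re.compile(r"^[a-z0-9._%+-]+@" + re.escape(CORP_DOMAIN) + r"$")


def meets_current_policy(password):
    """True if the string could be a valid password under the current policy."""
    if len(password) < MIN_LENGTH:
        return False
    return all(re.search(cls, password) for cls in REQUIRED_CLASSES)


def triage(record, active_users):
    """Classify one exposed record as 'no_action', 'low' or 'reset'."""
    email = record["email"].strip().lower()
    if not EMAIL_RE.match(email):
        return "no_action"      # does not match the corporate email format
    if email not in active_users:
        return "no_action"      # not a current employee in the directory export
    password = record.get("password")
    if not password:
        return "low"            # username alone: nothing to reset
    if not meets_current_policy(password):
        return "low"            # cannot be the account's current password
    return "reset"              # current employee, plausible current password


def triage_all(records, active_users):
    active = {u.strip().lower() for u in active_users}
    return {r["email"]: triage(r, active) for r in records}


# Constructed sample data, not taken from any real exposure.
ACTIVE_USERS = ["alice@example.com", "bob@example.com", "carol@example.com"]
EXPOSED = [
    {"email": "Alice@example.com", "password": "Winter2020!Harbor"},
    {"email": "bob@example.com", "password": "bob123"},
    {"email": "carol@example.com", "password": None},
    {"email": "dave@example.com", "password": "Str0ng&Long-Passw0rd"},
    {"email": "alice@gmail.com", "password": "Winter2020!Harbor"},
]

if __name__ == "__main__":
    for email, verdict in triage_all(EXPOSED, ACTIVE_USERS).items():
        print(f"{verdict:10} {email}")
```

Only the first record lands in the reset queue; the checks run offline against a directory export and never test a password against a live system.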

Comments
vantinc,
User Rank: Apprentice
9/5/2020 | 5:00:11 AM
Tips for Triaging Risk from Exposed Credentials
In my experience, breaches are often the result of lack of cybersecurity readiness, early detection, or timely response. You need to take a holistic approach to cybersecurity – that means addressing the before, during, and after stages of a potential compromise to prevent it from becoming a breach.