Everything you need to know about Credential Stuffing


What is Credential Stuffing?

Credential stuffing is a type of cyber-attack in which an attacker uses a list of stolen usernames and passwords to gain unauthorized access to various accounts. This is accomplished by automating the process of trying different combinations of login credentials on different websites.

The goal of a credential-stuffing attack is to gain access to as many accounts as possible in a short amount of time. This is done by using a list of stolen credentials, often obtained by purchasing lists from previous data breaches on the dark web, or through phishing or other forms of cyber-attacks. The attacker then uses a program or script to repeatedly try different combinations of usernames and passwords on a target website, in the hopes of finding a match.

Once an attacker has gained access to an account, they can use it to steal personal information, spread malware, or conduct other malicious activities. They can also use the account to gain access to other accounts since many people reuse the same password across multiple sites.

How to protect against Credential Stuffing

It is important to use unique, strong passwords for each online account. Two-factor authentication (2FA) can also be used to provide an additional layer of security. Additionally, organisations can use tools such as bot detection and IP blocking to help prevent automated attacks from being successful.

You also need to be vigilant, monitor your online accounts for suspicious activity, and immediately change your password if you suspect your account has been compromised.
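One way the bot detection mentioned above can work on login logs, shown as an added example (not from the original article or any vendor product): flag a source IP that tries many different usernames with a high failure rate inside a short window. The thresholds, the event layout and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def detect_stuffing(events, window=timedelta(minutes=10),
                    min_users=10, min_fail_ratio=0.8):
    """Flag source IPs that try many distinct usernames, mostly failing.

    events: iterable of (timestamp, source_ip, username, success).
    Thresholds are illustrative assumptions; tune them to your own traffic.
    """
    recent = defaultdict(deque)  # ip -> events inside the sliding window
    alerts = {}
    for ts, ip, user, ok in sorted(events):
        q = recent[ip]
        q.append((ts, user, ok))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        users = {u for _, u, _ in q}
        fails = sum(1 for _, _, s in q if not s)
        if len(users) >= min_users and fails / len(q) >= min_fail_ratio:
            alerts[ip] = {
                "distinct_users": len(users),
                "failures": fails,
                # Successful logins from a flagged source need a forced reset
                "reset_required": sorted(u for _, u, s in q if s),
            }
    return alerts

def build_sample_events():
    """Constructed events; IPs come from the RFC 5737 documentation ranges."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    events = []
    for i in range(12):  # one source, 12 usernames in a minute, one match
        events.append((t0 + timedelta(seconds=5 * i), "203.0.113.7", f"user{i}", i == 8))
    for i in range(12):  # office NAT: many users, almost all succeed
        events.append((t0 + timedelta(seconds=40 * i), "198.51.100.20", f"staff{i}", i != 3))
    for i in range(6):   # one person mistyping their own password
        events.append((t0 + timedelta(seconds=10 * i), "192.0.2.55", "alice", False))
    return events

if __name__ == "__main__":
    for ip, info in detect_stuffing(build_sample_events()).items():
        print(ip, info)
```

Only the first source is flagged: the shared office address has many users but few failures, and the mistyped password involves a single username.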

How to find stolen credentials on the Dark Web or Internet

There are several ways to find out if your credentials have been leaked on the dark web or other parts of the internet. Here are a few methods:

  • Use a credential leak-checking service: There are several online services that allow you to check if your email address or other personal information has been included in a data breach. Some popular services include Have I Been Pwned and DeHashed.
  • Use a dark web monitoring or digital risk platform: Some cybersecurity companies provide dark web monitoring services that can scan the dark web for stolen credentials and other sensitive information. These services can alert you if your information has been found on the dark web.
  • Search for your information manually: You can also manually search for your information on the dark web using TOR search engines such as TORCH or Not Evil. Keep in mind that this method can be time-consuming and may not yield accurate results.
  • Use a password manager: A password manager with a dark web scan feature can help you identify whether any of your credentials have been compromised and alert you to change the password.

It’s important to note that even if you don’t find your information on the dark web, that doesn’t necessarily mean it hasn’t been compromised. Cybercriminals often sell stolen information in private forums and marketplaces, so it may not be publicly available. Additionally, new data breaches are constantly being discovered, so it’s a good idea to regularly check for new breaches and update your passwords accordingly.

Disable old user accounts

Regularly reviewing and disabling inactive user accounts can help to keep your network and systems secure and ensure that only authorized personnel have access to sensitive information. Disabling old user accounts on your Active Directory or company domain is important for the following reasons:

  1. Security: Old user accounts that are no longer in use can be a security risk. If an attacker gains access to an inactive account, they can use it to launch attacks on your network or steal sensitive information. By disabling old user accounts, you can reduce the number of potential attack vectors.
  2. Compliance: Many industries are regulated and have compliance standards that require organisations to periodically review and disable inactive user accounts. This helps to ensure that only authorized personnel have access to sensitive information and systems.
  3. Resource management: Keeping inactive user accounts active can cause unnecessary clutter in your Active Directory, making it difficult to manage and maintain. By disabling old user accounts, you can improve the efficiency and performance of your Active Directory.
  4. Auditing: Disabling old user accounts can help you keep track of who has access to your network and systems, and when they last accessed them. This can be useful for auditing purposes, and can help you identify potential security threats.
  5. Cost-effectiveness: Many companies pay for licenses for their employees. When an employee leaves the company, the license goes to waste if the account is not disabled, which can be costly for the company.
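A sketch of the review step for Active Directory, added here as an example and not taken from the original article: it reads a CSV export of user accounts and lists enabled accounts that look inactive. The column names, the 90-day limit and the sample accounts are assumptions; the 14-day slack is there because `lastLogonTimestamp` can lag the real last logon by up to 14 days by default.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_dt(value):
    """FILETIME (100 ns ticks since 1601-01-01 UTC) -> datetime; None if unset."""
    ticks = int(value or 0)
    return EPOCH_1601 + timedelta(microseconds=ticks // 10) if ticks > 0 else None

def dt_to_filetime(dt):
    """Inverse conversion, used here only to build the constructed sample."""
    d = dt - EPOCH_1601
    return (d.days * 86400 + d.seconds) * 10_000_000 + d.microseconds * 10

def find_stale(csv_text, now, max_idle_days=90, slack_days=14):
    """Return enabled accounts idle beyond the limit, and enabled accounts never used."""
    limit = timedelta(days=max_idle_days + slack_days)
    stale, never = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["enabled"].strip().lower() != "true":
            continue  # already disabled, nothing to do
        last = filetime_to_dt(row["lastLogonTimestamp"])
        if last is None:
            never.append(row["sAMAccountName"])  # review by creation date instead
        elif now - last > limit:
            stale.append((row["sAMAccountName"], (now - last).days))
    return {"stale": stale, "never_logged_on": never}

def build_sample_export(now):
    """Constructed export; the account names are made up for this example."""
    rows = [("jsmith", 5, "True"), ("old.contractor", 400, "True"),
            ("borderline", 100, "True"), ("ex.employee", 500, "False")]
    lines = ["sAMAccountName,lastLogonTimestamp,enabled"]
    for name, idle_days, enabled in rows:
        stamp = dt_to_filetime(now - timedelta(days=idle_days))
        lines.append(f"{name},{stamp},{enabled}")
    lines.append("svc_backup,0,True")  # account that has never logged on
    return "\n".join(lines)

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(find_stale(build_sample_export(NOW), NOW))
```

The account idle for 100 days is not listed because it falls inside the 90-day limit plus the replication slack; accounts that have never logged on are reported separately so they can be checked by hand before being disabled.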

Ingest Microsoft Office 365 logs into a SIEM

For many organisations, the journey to the cloud begins with Office 365. Yet, as organisations migrate business-critical data and operations to Office 365 cloud applications, security concerns arise around data integrity and privacy, user access, and more. To help our customers address their Office 365 security monitoring concerns, CommSec ingests incident logs from Office 365 into our SIEM (Security information and event management) platform that enables threat detection and incident investigation by our SOC team in real time. Check out our MSOC+ service for cost-effective active monitoring of your IT environment.

Conclusion

Credential stuffing is a serious threat to online security, and it is important to take steps to protect yourself and your organisation from this type of attack. By using strong, unique passwords and implementing additional security measures such as two-factor authentication, you can greatly reduce the risk of a successful attack. And always be aware of suspicious activities in your accounts and report them immediately.