Stolen online account credentials are always in demand in the cybercrime market. Recently, a threat actor was found selling credentials of hundreds of C-level executives at companies across the world for $100 to $1500 per account.
Serious Credential Threats
Numerous sophisticated malware and threat actors have been identified attempting to steal credentials to be used for malicious purposes or selling on underground forums.
A new multi-stage malware dubbed Chaes was identified that could evade antivirus tools and steal sensitive information from the browser, such as login credentials, credit card numbers, and other financial information.
Cicada APT group was found targeting companies in 17 regions and multiple sectors, gathering information from network machines, and harvesting credentials to gain further access to the victim network.
Organizations Facing Credential Stuffing Related Threats
A large number of organizations and their customers have recently faced data losses and privacy breaches due to credential stuffing attacks.
Spotify witnessed a hack of over 300k verified accounts. The North Face, the outdoor retail giant, witnessed a credential stuffing attack, impacting an undisclosed number of its customers.
Nando’s, the South African restaurant chain, faced losses of hundreds of pounds after cyber-attackers hijacked their customer’s online accounts to illegitimately place large orders. Sam’s Club, the U.S.-based membership-only retail warehouse club chain, was found sending automated password reset emails to its customers after being targeted by credential stuffing attacks.
Conclusion
Old habits die hard! Customer reusing passwords pave the way for attackers launching credential stuffing attempts. While users find it difficult to change, experts recommend organizations should add security layers such as geo-blocking, captcha controls, and frequency monitoring of access-related logs to check for any ambiguity or unusual behavior.