Currently there are more than 775 million credentials for sale and thousands of ads for access-as-a-service. There has been a six-fold increase in the number of credentials stolen via malware and offered for sale. Analysis of the most popular topics from underground forums demonstrates that stolen credentials and the sale of initial access continue to dominate cybercriminal markets. Previously cybercriminals focused on stealing valuable data or on compromising specific companies but as attacks get easier and easier for anyone who has money, low skilled actors can purchase credentials and ransomware in one go. "When we think about credential theft, what we actually need to be thinking about is the kind of complete browser fingerprint that some of these info stealers are looking for," researchers say. Companies should look first and foremost at identity and access management making sure that there is a robust and well understood security program for access.
Read more here.
