Why Implementing "Zero-Trust Principles" Can Help Prevent Credential Hijacking

According to cybersecurity firm CrowdStrike's annual report, cybercriminals are relying less on malware and more on credential hijacking, leading to cyberattacks that are more difficult to detect. 


The report states that 68 percent of detections during the previous three months were not malware-based. Rather than writing malware to the endpoint, cybercriminals are using legitimate credentials and built-in tools (living off the land) to achieve their objectives.


The shift is a deliberate effort "to evade detection by traditional antivirus products," the report said.


The report describes an attack scenario that closely mirrors the attack on IT management firm SolarWinds. It notes that cybercriminals used "compromised credentials to access an internal code sharing repository." The compromised account gave them access to a repository holding source code for legitimate software that the organization delivered to its customers; from there they performed discovery and file interaction, which gave them "the potential opportunity to maliciously manipulate the software before delivery to end users."


The report also states that, over the past year, hackers have become quicker at moving "from an initially compromised host to another host within the victim environment." This "breakout time" now averages one hour and 32 minutes, roughly three times faster than during the previous year, and in 36 percent of successful cases it was 30 minutes or less. Because the attacker is using valid credentials and built-in tools, this movement shows up in authentication and session logs rather than in malware alerts, so defenders need to be watching identity telemetry, not just endpoint scans.


The report is based on data from CrowdStrike's customer base, which is indexed by Threat Graph, covering the period of July 1, 2020, through June 30, 2021. Mariam Baksh "Report: Hackers Shift from Malware to Credential Hijacking" nextgov.com (Sep. 08, 2021).
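As an added illustration of the breakout-time point above, the following Python is an example written for this page, not code from CrowdStrike or the cited article. It runs a simple identity-centric detection over constructed logon events: whenever an account that already has a session on host A opens a new session on host B with A as the source, within a configurable window of its first session on A, the pivot is flagged. The event format, host names, users and logon-type numbers are assumptions made up for the example; real deployments would feed this from Windows Security event 4624 fields or the equivalent from an identity provider.

```python
"""Breakout-time detection over logon events (added example, constructed data)."""
import re
from datetime import datetime

# Constructed sample events, not real telemetry. Loosely modelled on Windows logon
# types: 2 = interactive console, 3 = network (SMB/WinRM), 10 = remote interactive (RDP).
SAMPLE_EVENTS = """
2021-05-10T09:00:00 user=alice src=10.0.0.5 host=WS-ALICE type=2
2021-05-10T09:03:00 user=bob src=10.0.0.9 host=WS-BOB type=2
2021-05-10T09:40:00 user=alice src=WS-ALICE host=FS-01 type=3
2021-05-10T09:52:00 user=alice src=WS-ALICE host=DC-01 type=10
2021-05-10T10:15:00 user=carol src=10.0.0.7 host=WS-CAROL type=2
2021-05-10T13:30:00 user=carol src=WS-CAROL host=FS-01 type=3
""".strip().splitlines()

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) host=(?P<host>\S+) type=(?P<type>\d+)$"
)


def parse_event(line):
    """Parse one constructed 'key=value' logon line into a dict with a datetime."""
    m = EVENT_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable event: {line!r}")
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["type"] = int(ev["type"])
    return ev


def detect_breakout(lines, threshold_minutes=90):
    """Return alerts for credential-based pivots.

    An alert fires when an account logs on to a host it has not been seen on
    before, the logon source is a host where the same account already has a
    session, and the time since the account's first session on that source
    host is within threshold_minutes. The default window is chosen to
    roughly match the average breakout time cited in the article.
    """
    first_seen = {}  # (user, host) -> time of the account's first session on host
    alerts = []
    for ev in sorted(map(parse_event, lines), key=lambda e: e["ts"]):
        key = (ev["user"], ev["host"])
        src_key = (ev["user"], ev["src"])
        if key not in first_seen and src_key in first_seen:
            minutes = (ev["ts"] - first_seen[src_key]).total_seconds() / 60
            if minutes <= threshold_minutes:
                alerts.append({
                    "user": ev["user"],
                    "src": ev["src"],
                    "host": ev["host"],
                    "logon_type": ev["type"],
                    "minutes": minutes,
                    "at": ev["ts"].isoformat(),
                })
        first_seen.setdefault(key, ev["ts"])
    return alerts


if __name__ == "__main__":
    for alert in detect_breakout(SAMPLE_EVENTS):
        print(f"{alert['at']} {alert['user']} pivoted {alert['src']} -> {alert['host']} "
              f"(type {alert['logon_type']}) {alert['minutes']:.0f} min after first session")
```

On the constructed data this flags alice's two hops (workstation to file server after 40 minutes, then to a domain controller by RDP after 52 minutes) and ignores carol, whose hop comes more than three hours later. The check is deliberately simple: a production version would baseline which host pairs are normal for each account and weight interactive logons to high-value hosts more heavily, but even this form catches the pattern the report describes, where no malware is present to trigger an endpoint signature.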


The Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) recently issued guidance on implementing security architectures based on the concept of zero trust.

The zero-trust principle requires continuously verifying the identity of users and devices for every access request, rather than trusting anything because it sits inside the network, and employing tools such as multifactor authentication (MFA) that make it harder to impersonate a legitimate account. Not all MFA is equal: one-time codes sent by SMS and simple push approvals can be phished or relayed by an attacker who already holds the password, which is why the OMB goals below specifically call for phishing-resistant MFA. Applied together, these controls blunt cyberattacks in which hackers impersonate an employee with stolen credentials, rather than deploying malware, to gain access.

A recent memo issued by the OMB recommended that agencies meet the following five zero-trust security goals:


1.   Identity – Use phishing-resistant MFA to protect personnel from sophisticated online attacks targeting access to applications.

2.   Devices – Maintain a complete inventory of every device authorized for workplace use and be able to detect and respond to incidents on those devices.

3.   Networks – Encrypt all DNS and HTTP traffic and segment networks around applications. Identify a workable path to encrypting email in transit.

4.   Applications – Treat all applications as internet connected and routinely subject applications to rigorous testing and external vulnerability reports.

5.   Data – Deploy protections that use thorough data categorization. Take advantage of cloud security services to monitor access to sensitive data. Implement enterprise-wide logging and information sharing.

Aaron Boyd "Biden Administration Releases Draft Zero-Trust Guidance" www.nextgov.com (Sep. 07, 2021).


All organizations should work with their cybersecurity team to implement zero-trust principles to protect their networks and data from the growing threat of credential hijacking.
