In our earlier post, we defined the problem of Credential Exploitation. This problem uses an attack methodology characterized by the abuse of login credentials at scale. We focused largely on how attackers take over accounts by reusing credentials that were dumped elsewhere. We also discussed the proper defensive framework for defending against such attacks. Today's post is about cases in which the problem runs deeper than traditional "credential verification" or brute-force attacks. You will also see that the same defensive framework helps defend against a wide variety of automated attacks.
Hi, I am Mayank Dhiman, and I am the Principal Security Researcher here at Stealth Security.
In our earlier post, we defined the problem of Credential Exploitation, an attack methodology characterized by the abuse of login credentials at scale. We focused largely on how attackers take over accounts whose owners reuse credentials that have been dumped elsewhere. We also discussed the proper defensive framework for defending against such attacks. In today’s post, we’ll make the case that the problem runs deeper than traditional “credential verification” or brute-force attacks, and that the same defensive framework can help defend against a wide variety of automation-based attacks.
For today’s post, we’re classifying a new and increasingly common type of attack that our research team has been following: Credential Exploitation. We define Credential Exploitation as an increasingly popular attack methodology characterized by the abuse of login credentials at scale. Specifically, it targets the application interfaces of web, mobile, and API endpoints. These attacks encompass the misuse of credentials for Account Takeover (ATO) attacks, credential brute-force, and the abuse of API keys to exploit API endpoints. As the Principal Security Researcher here at Stealth Security, I’m leading a team that has carefully reviewed these attacks in volume. This is an overview of our findings regarding the source of this issue, as well as what can be done to mitigate its impact.
Hello, Michael Barrett here, co-founder and CEO of Stealth Security.
Recently, news has started to come out about the fact that an attacker known as the Turkish Crime Family has penetrated the accounts of many of Apple’s iCloud customers. The total number is still unknown but is claimed to be hundreds of millions. At this point, rather than trying to monetize the breached accounts directly, the attacker is simply holding Apple to ransom and is demanding bitcoin in return for not harming those customers. This use of an indirect ransom for monetization is a logical next step for attackers. Some commentators have claimed that the number of breached accounts is considerably smaller than the attackers claim. This could of course be correct, but in a real sense it’s irrelevant: this is about what the attacker might be capable of doing.