Cybersecurity: the theft of credentials is consolidated as one of the main means of attack against companies

According to a recent global report by Kaspersky Security Services, credential theft and abuse, as well as attacks based on the use of valid accounts, are among the most effective tactics used by cybercriminals. This trend reflects a strategic change in the behavior of attackers, who are moving away from easily detectable malware in favor of legitimate access that allows them to go unnoticed and evade security controls.


“While the world once again looks at soccer and major international competitions, Latin American organizations face an equally challenging, although much quieter game: that of cybersecurity. The problem is that many companies continue to look at the wrong scoreboard. While they celebrate having complied with basic controls or incorporated new tools, attackers are already playing with artificial intelligence, automation and tactics capable of breaching traditional defenses in a matter of minutes,” says Andrea Fernández, general manager for the South Latin America region at Kaspersky.

“Anatomy of a Cyber World” is a global report based on data collected by Kaspersky’s Managed Detection and Response (MDR), Incident Response (IR), Compromise Assessment and SOC Consulting services. The report analyzes the detection techniques, tools and scenarios most used by malicious actors, in addition to identifying the main characteristics of the incidents observed worldwide.

According to the document, a significant part of the most frequently detected attack techniques revolve around credential and identity management. The analysis examines the conversion rates of various indicators of attack (IoA) and highlights the following most common malicious tactics:

This technique consists of attackers systematically trying different password combinations until they gain access to an account. It tops the list of most effective methods due to its frequent appearance in both real attacks and authoritative security assessments, making it a persistent threat in today’s cybersecurity landscape. The use of weak, predictable or reused passwords by organizations continues to facilitate the success of this strategy, which is one of the oldest but is still in force.

Once they gain entry to a system, attackers often create new local accounts to maintain access even if the original entry point is detected and removed. This technique is frequently observed both in real incidents and in security exercises and can be identified, but only when organizations have adequate monitoring and visibility mechanisms, something that is still commonly lacking in many infrastructures.

Instead of deploying malware, attackers use stolen or compromised credentials to log in and blend in with normal user activity. This makes the activity considerably harder to detect, as the access appears legitimate. The high effectiveness of this technique demonstrates why compromised credentials continue to be one of the most dangerous attack vectors for organizations.

Attackers modify existing accounts to consolidate and expand their access to the compromised environment. This may include activating disabled accounts, changing user groups, or escalating privileges. This practice reinforces an increasingly common trend: instead of introducing new tools or malware, cybercriminals take advantage of the resources and access that already exist within the organization to strengthen their control and go unnoticed.

Before launching a deeper attack, cybercriminals scan the organization’s infrastructure to identify vulnerable systems and access paths. Spotting these early signs can make the difference between a contained incident and a more impactful security breach.
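The identity-related behaviors described above (password guessing that ends in a valid logon, new local accounts, re-enabled accounts and group changes) can be matched in logon and account-management events. The following is an added example, not code from the report or from Kaspersky; the one-line log format, account names and addresses are constructed, and only the event IDs are the standard Windows Security log IDs.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the report), in a simplified one-line format.
# Windows Security event IDs: 4625 failed logon, 4624 successful logon,
# 4720 account created, 4722 account enabled, 4732 member added to local group.
SAMPLE_EVENTS = """\
2024-05-01T09:00:01 4625 user=svc_backup src=10.0.0.50
2024-05-01T09:00:03 4625 user=svc_backup src=10.0.0.50
2024-05-01T09:00:05 4625 user=svc_backup src=10.0.0.50
2024-05-01T09:00:07 4625 user=svc_backup src=10.0.0.50
2024-05-01T09:00:09 4625 user=svc_backup src=10.0.0.50
2024-05-01T09:00:12 4624 user=svc_backup src=10.0.0.50
2024-05-01T09:03:40 4720 user=helpdesk2 actor=svc_backup
2024-05-01T09:04:02 4732 user=helpdesk2 actor=svc_backup group=Administrators
2024-05-01T09:05:15 4722 user=old_contractor actor=svc_backup
2024-05-01T10:15:00 4625 user=alice src=10.0.0.77
2024-05-01T10:15:20 4624 user=alice src=10.0.0.77
"""

ACCOUNT_CHANGES = {"4720": "local account created",
                   "4722": "account enabled",
                   "4732": "member added to local group"}

def parse(line):
    """Split one constructed log line into (timestamp, event_id, fields)."""
    ts, event_id, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return datetime.fromisoformat(ts), event_id, fields

def detect(log_text, threshold=5, window=timedelta(minutes=2)):
    """Return (reason, account) alerts in the order the events occur."""
    failures = defaultdict(list)   # (user, src) -> timestamps of failed logons
    alerts = []
    for line in log_text.splitlines():
        ts, event_id, f = parse(line)
        key = (f.get("user"), f.get("src"))
        if event_id == "4625":
            failures[key].append(ts)
        elif event_id == "4624":
            recent = [t for t in failures.pop(key, []) if ts - t <= window]
            if len(recent) >= threshold:
                # A success right after a burst of failures: the guess worked.
                alerts.append(("brute force followed by valid logon", f["user"]))
        elif event_id in ACCOUNT_CHANGES:
            alerts.append((ACCOUNT_CHANGES[event_id], f["user"]))
    return alerts

if __name__ == "__main__":
    for reason, account in detect(SAMPLE_EVENTS):
        print(f"{account}: {reason}")
```

The single mistyped password for `alice` stays below the threshold and raises no alert, which is the false-positive trade-off the threshold and window control.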

Additionally, the report ranks the techniques used by attackers based on the frequency with which the observed activities led to confirmed malicious incidents. According to Kaspersky experts, while the MITRE ATT&CK framework documents a wide variety of tactics employed by threat actors, effective detection requires prioritizing those behaviors most likely to represent malicious activity, while avoiding generating an excess of false positives.

“The report highlights four techniques related to credential abuse and one related to discovery in the top 5. Credential abuse remains effective because it takes advantage of a critical gap in the security of organizations: the difficulty in distinguishing between legitimate access and malicious access. When an attacker enters with a valid account, his movements can appear to be part of normal business activity, allowing him to go unnoticed, escalate privileges and stay within the compromised environment. This scenario demonstrates that protecting an organization is no longer just about blocking malware, but about understanding how its users behave, detecting anomalies and reacting before a compromised access becomes a major incident,” says Eduardo Chavarro, director for the Americas of the Global Incident Response Team at Kaspersky.

“Beyond technology, the greatest vulnerabilities tend to be in people and processes. Without adequate training and risk management, organizations can develop a false sense of security. According to data from Kaspersky, 70% of business leaders in Peru consider that their cybersecurity approach is proactive. However, for many companies the game only begins when they have already received the first goal, reacting to the incident instead of anticipating threats before they come into play,” says Fernández.

To reduce this risk, experts recommend:

· Strengthen identity and access management: It is not enough to create users and passwords. Organizations should periodically review which accounts are still active, what permissions they have, whether there are inactive users or excessive privileges, and apply the principle of least privilege so that each person has access only to what they need to fulfill their functions.

· Strengthen authentication controls: Multi-factor authentication, along with robust password policies, helps reduce the impact of credential theft or reuse. Even if an attacker obtains a password, a second layer of verification can prevent them from accessing the organization’s critical systems.

· Have advanced detection and response capabilities: Services such as Managed Detection and Response, Incident Response, and SOC support allow you to continuously monitor behavior within the network, identify suspicious activity, respond quickly to incidents, and contain threats before they escalate. This is key because, when faced with credential abuse, the challenge is not always detecting a malicious file, but rather recognizing anomalous behavior carried out from apparently legitimate accounts.

“In cybersecurity, as in sport, the most important matches are not won only by reacting quickly, but by understanding the game before the rival. The most prepared organizations are not necessarily those that invest the most resources, but those that manage to identify risks in advance, properly prioritize their efforts and convert digital security into a strategic capability to protect their operations and sustain their growth,” concludes Fernández.

By Editor
