Security News > 2024 > August > Point of entry: Why hackers target stolen credentials for initial access
Criminals increasingly deploy stolen credentials to gain initial access to user accounts, bringing new demands for security.
Credentials can also be guessed through approaches like brute force attacks, where cybercriminals deploy tools that test password combinations continuously until they discover the right one.
A compromised SolarWinds password was discovered existing on a private Github repository from June 2018 to November 2019; an intern for SolarWinds had set the password solarwinds123 on an account that was granted access to the company's update server.
Restricting the use of usernames, display names, certain words, consecutive characters, incremental passwords, and repeating parts of previous passwords.
Increasing the overall password security in the environment, enforcing good password hygiene, and eliminating breached, incremental, and otherwise weak passwords help to bolster the security of your Active Directory environment and privileged accounts.
Do you even know the password hygiene of your Active Directory? Better prepare your defenses by scanning for password vulnerabilities in your Active Directory, enabling you to detect weak and compromised passwords.
News URL
Related news
- Hackers steal 15,000 cloud credentials from exposed Git config files (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)