Another password manager breach – practical tips to protect stolen credentials

In light of recent password manager breaches, our experts have provided tips on how to protect your organization from compromised credentials.

In recent weeks, cybersecurity has once again been thrust into the spotlight with the news that both LastPass and Norton LifeLock, two popular password management services, have been targeted in cyberattacks, resulting in the compromise of customer password manager accounts.

According to reports, more than 6,000 Norton LifeLock customers may have suffered credential stuffing attacks, which have compromised their personal data. The LastPass attack, which occurred shortly before the Norton LifeLock breach, has brought into question the security of such platforms, which are specifically designed to safeguard personal information.

Are passwords managers safe?

Experts have pointed out that password managers offer widely varying levels of security and that it is important for customers to research their chosen solution thoroughly before entrusting their sensitive data to it.

One of the primary reasons why these attacks are so dangerous is that there is often very little that can be done to identify and detect an intruder who is using known or trusted credentials to gain access to a system. This is why it is crucial for companies to proactively monitor for leaked credentials and alert security teams to reset passwords upon discovery, to reduce the risk of a data breach or ransomware attack. For organizations using Active Directory, this is automated with Specops Password Policy’s Breached Password Protection that forces a password change at next logon if a user password appears in a breached password list.

Unfortunately, the threat posed by stolen credentials is all too real, and it is not just small or obscure businesses that are at risk, as evidenced in these latest breaches. Some of the most high-profile ransomware attacks of recent years, such as the Colonial Pipeline takedown, have been carried out using stolen or compromised passwords.

Considering these recent attacks, it is more important than ever for individuals and businesses alike to prioritize cybersecurity and take steps to protect their sensitive information. By taking proactive steps to protect ourselves and our data, we can form a basic defense to reduce the risk of becoming the next victim of a cyberattack.

Building a base defense

One of the most important steps that individuals and businesses can take to protect themselves is to use unique passwords for each site and account, which reduces the likelihood of multiple logins being compromised in the event of a breach. Employers have a responsibility to regularly monitor and enforce password changes to reduce the window of opportunity for cybercriminals. Leading organizations such as the NCSC recommend a regular, proactive approach focused on real-time security network monitoring to reduce the risk of scheduled password changes being exploited by hackers.

Another effective way to secure your organization is to incorporate multi-factor authentication. This requires users to confirm their identity using additional forms of authentication beyond just usernames and passwords. This additional layer of security makes it more difficult for attackers to access your organization’s files – even if they have obtained stolen credentials.

Password managers can also be a great first line of defense against breaches, despite these latest headlines, provided they form the first line of defense in an overall more robust security strategy. These tools automatically generate unique, high-strength, random passwords for each site and app and store them in an encrypted digital vault that can be accessed from any device running any operating system. Password managers help employees avoid using recycled passwords and can keep private information safe from cybercriminals.

But as we’ve seen, these tools are not flawless, and it would be remiss of any organization to trust the security of their credentials in these alone. So, while these tools and practices can help protect your organization, it’s important to remember that cybercriminals are always evolving their tactics, and breaches can still occur despite your best efforts. That’s why it’s important to stay up to date with the latest security measures and work with cybersecurity experts to develop a comprehensive security plan that addresses your organization’s specific needs.

Relying on a solid security strategy

In conclusion, protecting your organization from the risks of stolen or compromised credentials is crucial in today’s cyber landscape. By taking proactive steps to protect your sensitive information, you can reduce the risk of becoming the next victim of a cyberattack, but these steps alone aren’t enough.

Instead, organizations should combine practical tools with robust, reliable services from cybersecurity experts if they are to build a defense that can withstand whatever’s lurking outside their perimeter.

One such service is threat intelligence, complete with real-time detection tools – such as Outpost24’s Threat Compass. Real-time detection can be invaluable in mitigating risks posed by stolen credentials. By proactively monitoring stolen login data and alerting IT security to reset passwords or check for suspicious activities, your organization can reduce the chances of falling victim to ransomware attacks, like those from Conti to REvil, who leverage stolen credentials to gain access to your systems.

Threat Compass’ credential retrieval module is a powerful tool designed to detect compromised credentials in real-time and recover those belonging to customers, internal users, or third-party suppliers. By blocking infections at the source, you can prevent large-scale data breaches that could potentially impact your entire organization.

By combining our advanced threat solutions with proper security hygiene, today’s organizations can stop stolen credentials – and the risks they pose – in their tracks.