Credential Theft is On the Rise and the Target is Core Cybersecurity Administrators

Your identity has been stolen. It sounds so chilling to hear something like this, along with a sudden feeling of anxiety and helplessness in the situation and the fact that you don’t even know who stole your credentials. Things get muddier if the information stolen were your administrative credentials for your central cybersecurity system.

As credential theft cases are increasing in number with insider based attacks, the infrastructure that protects your data is now the main target of hackers, as they are no longer just going after production or outer systems. According to a report, credential theft losses are estimated to be $20 billion in the US in 2023 and have affected 15.4 million folks.

Credential theft is not new

Credential theft is not a new problem to break on our heads, it’s been a problem for very long. Back in 2022, the BBC broke a story about a man in India who impersonated as the missing son of a landlord family in India. He deceived them for 41 years. Using their son’s ID, the man got a national identity card, paid taxes, went to college, and even got a gun license. He also sold 37 acres of the family’s property. 

Looking at the lucrative benefits, you now have an idea why impersonators do it in the first place. But the guy finally went to jail, so not everything that shines is gold. And yes, no online hackers were involved in this case.

In this cyber age, no one is coming to break in, they don’t even need to apply clever tricks and hacks, Just a password and a username, and the data is gone. Especially data admins in companies have become the primary target of impersonators. 

Artificial intelligence is also here to pour some fuel on the fire, as with its assistance, hackers can design more sophisticated approaches to attack and deploy them more efficiently. It can be anything like some phishing schemes based on generative AI, some new tricks of impersonation, or using deep fakes, but convincing the victim by luring them into something is the most favorite and easy way of getting credentials as you hand them over unintentionally. Remember the news when a British Parliamentarian provided the phone numbers and email addresses of his colleagues to a honey trapper?

Cost of cybercrime

Coming to our core topic, with most of our data now available online, from healthcare databases to dating sites that your wife may not know, securing all this is important. Nowadays, hackers are after passwords, names, and financial records, which they may use themselves or sell on the dark web. Supply chain attacks are perhaps the biggest in the history of cyberattacks in recent years. Gartner, which is an analyst firm, has said that by 2025, 45% of organizations will be impacted in one way or another by supply chain attacks globally.

According to US Deputy National Security Advisor for Cyber and Emerging Technologies, Anne Neuberger, the average cybercrime cost annually is expected to be more than $23 trillion for the year 2027. It is to be mentioned that just a year ago, in 2022, the figure was $8.4 trillion.

A Verizon report named “2023 Data Breach Investigation Report” mentions that the human factor is the most prevalent threat vector and the reason for 74% of cases of data breach. Humans are also behind stealing credentials and phishing attacks. The latter one is mostly carried out through emails in hopes that someone will provide information or at least click a link that can lead to further misuse. 

The consequences of cyberattacks on businesses can last for years from the time they were first initiated. For a clear understanding, take into account criminal investigations, lawsuits, media backlash, and increases in insurance rates, altogether, these elements can bankrupt any firm.

The source of inspiration for this news can be seen here.