OCIE Alert: Protecting Client Data from Credential Stuffing

Insights
September 28, 2020

Only two months after releasing an alert on ransomware, the Office of Compliance Inspections and Examinations (OCIE) has once again released a cybersecurity alert advising SEC registrants of an increase in cyberattacks. This time the focus is credential stuffing. In a successful credential stuffing attempt, an attacker uses stolen credentials to gain access to client accounts, sensitive data, and the company network.

Hackers have been focusing their credential stuffing attacks on institutions within financial services. They are hoping to access client accounts, personally identifiable information (PII), and financial assets. ZDNet reported that attackers used credential stuffing on a NY-based investment firm and an international money transfer platform sometime between the summer of 2019 and earlier this year. The attacks caused outages, which resulted in $2 million in lost revenue.

How Does Credential Stuffing Work?

Credential stuffing is when a hacker uses stolen credentials to gain access to user accounts and networks. Attackers create automated scripts to test thousands of credentials on multiple web applications. Hackers use tools to make it seem like their scripted login attempts are the regular activities of thousands of people. The tools make the logins appear as though they are coming from different browsers and IP addresses.

Credential stuffing is so successful because many people use the same username and password for multiple accounts, e.g., their bank, email, and social media. According to Inc., around 66% of Americans reuse passwords. Let’s say your employee uses the same credentials for accessing the company network and their online bank account. If a hacker breaches your employee’s bank, the attacker now has valid credentials for your network. This is why it’s critical to have a password policy.

Breach after Breach

Hackers can obtain user credentials using many different techniques. For a credential stuffing attack, user accounts typically come from a prior breach. Attackers may have their own database of usernames and passwords from previous hacks, or they could purchase databases on the Dark Web. Disturbingly, it seems to be a growing trend for hackers to publish stolen credentials on forums for free. One of the largest stolen credential databases is known as “Collections #1-5”. According to Wired, the collections include around 2.2 billion usernames and passwords.

If a hacker can gain credentials for client accounts or your network, they will more than likely sell them on the Dark Web. Unfortunately, that means you are more likely to be breached again as a result. Data breaches are more than an inconvenience and bad public relations. Security incidents and breaches can cause damages like:

  • Noncompliance
  • Downtime
  • Lost Revenue
  • Litigation Fees
  • Reputational Damage
  • Business Closure

It can take years for a company to overcome the challenges caused by a data breach.

Protecting Client Accounts and PII

OCIE recommends the following cybersecurity practices to mitigate the risks associated with credential stuffing:

Create Strong Passwords and Do Not Reuse Them

The unfortunate truth is humans are one of the top causes of data breaches. Human behavior is often predictable, and hackers use this to their advantage. Two common password faux pas are weak passwords and reuse of passwords. Creating weak passwords makes it easier for hackers to guess your passwords. Reusing the same password for multiple accounts means that if a hacker has access to one account, they have access to all your accounts.

Protect client accounts and PII by reviewing and updating policies and procedures. Have a password policy that requires employees and clients’ passwords to be strong and regularly updated. Require users to have unique passwords for each account they access. Having strong passwords dedicated to specific accounts will limit the amount of damage a hacker can do with stolen credentials.
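One concrete form of the password-policy check described above, as an added example that is not part of the original article or of any Coretelligent product: a proposed password is screened for length, for containing the username, for matching one of the account's earlier passwords, and for appearing in a stolen-credential corpus. The corpus here is a constructed stand-in; the function and its names are assumptions for illustration.

```python
import hashlib

def sha1_hex(text):
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()

# Constructed stand-in for a stolen-credential corpus (real dumps such as the
# "Collections #1-5" set the text mentions hold billions of entries). Only SHA-1
# digests are kept so the plaintext list never sits beside the application.
BREACHED_SHA1 = {sha1_hex(p) for p in ["password1", "Summer2020!", "letmein", "Welcome123"]}

def check_password(candidate, username, previous_sha1=(), min_length=12):
    """Return the policy violations for a proposed password; an empty list means accept.
    The corpus check is what blocks the 'same password as their bank' case the text
    describes: if the bank leaked it, it is in a dump and stuffing scripts will try it."""
    problems = []
    if len(candidate) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if username.lower() in candidate.lower():
        problems.append("contains the username")
    digest = sha1_hex(candidate)
    if digest in BREACHED_SHA1:
        problems.append("appears in a known credential dump")
    if digest in set(previous_sha1):
        problems.append("reuses one of this account's earlier passwords")
    return problems
```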

Implement Multi-factor Authentication

With multi-factor authentication (MFA) in place, a hacker needs more than a username and password to access an account. MFA requires an additional factor, such as a one-time code delivered by text message or an authenticator app. Even if a hacker has obtained your credentials from the Dark Web, they more than likely do not have access to your phone.

Deploy CAPTCHA

When logging into your web-based email, you have probably been prompted to identify streetlights in a series of images. You may remember nervously trying to determine if a few corner pixels counted as a streetlight so that you could continue to your inbox. It’s okay; we have all been mistaken for a robot by CAPTCHA at least once. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. Just as it sounds, CAPTCHA asks users to complete a task to prove they are human and not a bot or automated script. This test prevents automated scripts containing stolen credentials from being able to access your accounts.

Actively Monitor Your Network

Some organizations don’t realize for weeks or even months that their network experienced a breach. Businesses may think because they have some form of monitoring, it will detect cybersecurity events. There are different types of monitoring, and not all systems can identify and respond to cybersecurity incidents. To detect suspicious activities and incidents, you need to actively monitor your network around the clock. Remember, hackers use tools to mask their activity as normal user behavior. Find an IT partner with cybersecurity experts who can use forensic analysis to understand the activities on your network.
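The monitoring point above, and the earlier note that stuffing tools spread logins across many browsers and IP addresses, come down to one detection idea: no single account or source looks suspicious, but the fleet-wide failure pattern does. The following is an added example, not code from the article or from CoreArmor; the log format, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample auth-log lines (hypothetical key=value format; RFC 5737 test IPs).
LOG_LINES = """\
2020-09-28T10:00:01Z ip=203.0.113.5 user=alice result=FAIL
2020-09-28T10:00:02Z ip=198.51.100.7 user=bob result=FAIL
2020-09-28T10:00:03Z ip=203.0.113.9 user=carol result=FAIL
2020-09-28T10:00:04Z ip=198.51.100.2 user=dave result=FAIL
2020-09-28T10:00:05Z ip=192.0.2.14 user=erin result=FAIL
2020-09-28T10:00:07Z ip=192.0.2.33 user=grace result=OK
2020-09-28T10:05:00Z ip=10.0.0.8 user=alice result=OK
""".splitlines()
LINE_RE = re.compile(r"(\S+) ip=(\S+) user=(\S+) result=(\S+)")

def parse(lines):
    """Return (timestamp, ip, user, succeeded) for each line that matches; skip the rest."""
    out = []
    for m in filter(None, map(LINE_RE.match, lines)):
        out.append((datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ"),
                    m.group(2), m.group(3), m.group(4) == "OK"))
    return out

def minute_of(ts):
    return ts.replace(second=0, microsecond=0)

def stuffing_alerts(events, min_users=5, min_fail_ratio=0.7):
    """Flag minutes in which many distinct accounts fail at once: a stuffing run spreads a
    try or two over many accounts and IPs, so per-account lockouts never trip."""
    buckets = defaultdict(list)
    for ts, ip, user, ok in events:
        buckets[minute_of(ts)].append((ip, user, ok))
    alerts = []
    for minute, evs in sorted(buckets.items()):
        failed_users = {u for _, u, ok in evs if not ok}
        ratio = sum(1 for e in evs if not e[2]) / len(evs)
        if len(failed_users) >= min_users and ratio >= min_fail_ratio:
            alerts.append({"minute": minute, "failed_users": len(failed_users),
                           "source_ips": len({ip for ip, _, _ in evs})})
    return alerts

def accounts_to_review(events, alerts, horizon=timedelta(hours=1)):
    """Accounts that failed in a flagged minute, then logged in within `horizon`: reset them."""
    flagged = {a["minute"] for a in alerts}
    review = set()
    for ts, _, user, ok in events:
        if not ok and minute_of(ts) in flagged and any(
                u == user and ok2 and ts < t2 <= ts + horizon for t2, _, u, ok2 in events):
            review.add(user)
    return sorted(review)
```

On the sample lines the 10:00 minute is flagged (five distinct accounts failing from six addresses), and alice, who failed during it and then logged in minutes later, is queued for a credential reset and MFA check.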

Find a Cybersecurity Partner

As cybercriminals’ tactics become more sophisticated, breaches have become less a question of if and more a question of when. Stolen credentials can create a domino effect, with one breach leading to another. Businesses need comprehensive cybersecurity solutions to mitigate their risks and stay compliant. Work with a cybersecurity partner like Coretelligent. Our CoreArmor cybersecurity solution provides real-time protection and threat intelligence to safeguard your systems and ensure you are aligned with regulatory standards.

Do you have questions about maintaining security and compliance? Coretelligent can help! Give us a call at 1-855-841-5888 or contact us today.

Read our blog for more information on OCIE’s recent ransomware alert.

by Jen Wallace