Page 129 - Cyber Defense eMagazine June 2024
P. 129

What's in an Identity?

            A user's digital identity is no longer limited to an email - or username - and password. With the ever-
            increasing amount of data we share online, criminals have access to an ever-increasing pool of personally
            identifiable information (PII) available for potential attacks.

            SpyCloud found over 200 unique types of personally identifiable information (PII) on the darknet in 2023,
            including  birthdates,  credit  cards,  passport  details  and  social  security  numbers.  User  identities  have
            expanded to include hundreds of data types, like national ID's, location information, social handles and
            more. Cybercriminals are leveraging the resulting datasets to dramatically increase the scope of their
            attack patterns.

            By combining seemingly disparate data types, attackers can piece together information and perpetrate
            cybercrimes like identity theft, fraud, and next-generation account takeover. Our research suggests that
            over 74% of people exposed in breaches reused compromised passwords, increasing the likelihood that
            a lucky criminal strikes gold.

            As our digital identities expand beyond legacy account-based credentials, our protections must shift to
            stay relevant to new trends.



            "C is for cookie and cookie is for me." – Cookie Monster

            Criminals'  use  of  users'  session  cookies  to  perpetrate  sophisticated  cyber  attacks  is  another  trend
            resulting from expanded digital identities. Over 20 billion cookie records were exposed on the darknet
            last year, with an average of more than 2,000 records stolen per malware-infected device. These cookies
            equip criminals with all the information they need to carry out attacks, like session hijacking, which is
            when criminals seize control of an existing online session using stolen cookies.

            Often obtained via infostealer malware, attackers put these cookies into so-called "anti-detect" browsers,
            which  allow  them  to  bypass  traditional  authentication  protections  and  mimic  users,  especially  when
            combined with information like the victim's IP address and other host information. These attacks provide
            threat actors with the same rights and permissions as the legitimate user, making them exceedingly
            difficult to detect.

            Passkeys and multifactor authentication (MFA) don't protect against these attacks—session hijacking
            bypasses the authentication process entirely. And even sophisticated methods of detecting anomalous
            behavior,  like  device  fingerprinting,  can  be  bypassed  using  criminal  residential  proxies  and  other
            cybercrime enablement services. With malware-driven attacks rising in popularity, organizations need to
            understand the threat malware poses and how to mitigate it.



            Malware is Exposing Identities Like Never Before

            Over 61% of data breaches in 2023 were malware-related. While information stealing malware is not a
            new concept, it has never before been as accessible and feature-rich as it is today.




            Cyber Defense eMagazine – June 2024 Edition                                                                                                                                                                                                          129
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.
   124   125   126   127   128   129   130   131   132   133   134