The Cyber Threat Perspective (Replay) HACKERS: How we GET IN and how to STOP US
Nov 15, 2023
Discover the top methods attackers use to gain access, including credential stuffing and password spraying. Learn how to detect compromises and reinforce defenses with multi-factor authentication. Dive into web app vulnerabilities, where small apps pose big risks. They highlight effective phishing techniques and how to bolster email defenses. Plus, many security solutions are low-cost or even free! Get ready to close those security gaps!
AI Snips
Chapters
Transcript
Episode notes
Credential Attacks Dominate Initial Access
- Credential attacks are the single most successful initial access vector on penetration tests.
- They outperform other methods by an order of magnitude according to Brad Causey.
Enforce MFA And Dark-Web Monitoring
- Enable MFA on all public-facing accounts and services without exception.
- Monitor for credential compromises and reset exposed corporate credentials promptly.
Leaked Third-Party Credentials Are High Value
- Credential stuffing leverages leaked credentials from third-party breaches to access corporate accounts.
- Fresh compromises matter most; attackers prioritize recent leaks.