Identity has always played a significant role in organizations. Today, identity-based threats take up the lion’s share of major risks. Microsoft recently stated that Microsoft cloud identities face an average of 4,000 password attacks per second.
Protecting user data is the number one priority for cybersecurity professionals, but doing so is made nearly impossible by the absence of multi-factor authentication. Lack of MFA makes users vulnerable to phishing, credential stuffing, and brute force attacks.
The ability to detect and stop identity-based attacks is critical because attackers can masquerade their way through authentication and authorization checks as a result of a successful password attack.
Seven types of identity-based attacks
The impact of identity-based attacks is hard to quantify and new attack methods are gaining momentum. Here is a list of popular password attacks currently used by threat actors:
- Credential stuffing: This happens when cybercriminals use stolen login credentials from one system to attempt to access an unrelated system.
- Golden ticket: This is an attempt to gain access to a domain by accessing user data stored in an identity and access management solution such as Active Directory.
- Silver ticket: This happens when a forged authentication ticket is used to access resources for specific services.
- Kerberoasting: This is a post-compromise attack technique that attempts to crack the passwords associated with the service account within the Active Directory.
- Man-in-the-middle: This happens when an attacker eavesdrops on a conversation between two people by sitting between a network user and a web application.
- Pass the hash: This happens when a hacker steals a “hashed” user credential and uses it to create a new user session on the same network.
- Password spraying: This is a brute force technique that involves using a single common password against multiple accounts.
The difference between identity management and authentication
A gap exists between knowledge, awareness, and the capacity to deploy effective cybersecurity strategies. Stakeholders need to be aware of the difference between identity management and authentication.
Get insight into seven defense evasion techniques legacy AV can’t stop
Identity management refers to a service that identifies individuals and controls their access to system resources through user rights and restrictions.
Authentication is the process of determining whether a source of data is in fact what it says it is. This is sometimes called origin integrity. New layers of authentication are often used to protect organizations.
If you want to protect sensitive information, getting visibility into your security posture is the best place to start. CrowdStrike created this whitepaper that explains how today’s IT environments create opportunities for cybercriminals to launch identity-based attacks.
Discover the key capabilities that you should be looking for in a solution.
