Aug 27, 2024

DTEX i³ Threat Advisory Reveals Growing Risk of Credential Abuse by Outside Adversaries


In today’s digital age, where the line between personal and professional life is increasingly blurred, the storage of corporate credentials on personal accounts has emerged as an attractive vector for outside adversaries. DTEX i3 has released a new Insider Threat Advisory highlighting the growing risk of credential bleed between corporate and personal endpoints, and the subsequent threat of credential abuse.

Corporate credentials and personal devices: The perfect storm for a blended attack

As remote work and bring-your-own-device (BYOD) policies have become ubiquitous in the modern workforce, employees often find themselves managing both personal and corporate accounts on the same devices. This convenience, however, comes with a steep security price. As the advisory notes, we only need to look at the news headlines to see the ramifications of credential abuse.

The fact is, once corporate credentials are compromised, attackers can gain access to sensitive corporate systems, bypass security protocols, and cause significant harm. This exploitation of internal access by an outside party is the perfect example of a blended attack.

How credential misuse can lead to a domino effect

The advisory offers a comprehensive analysis of this growing threat, drawing on several public incidents. Of particular interest is the scenario in which a user stores corporate credentials via their personal password manager or webmail account at the browser level, increasing exposure and potential for a domino effect.

Employees may knowingly or unknowingly store their corporate credentials in personal password managers, assuming these tools provide adequate security. However, personal devices are often less secure than enterprise-grade solutions. They may lack the necessary security updates, encryption, and monitoring that protect against unauthorized access. When personal accounts sync across both corporate and personal environments, the user’s personal device becomes a prime target for malicious threat actors.

Proactive mitigation starts with visibility

The latest Threat Advisory offers several technical and non-technical controls to mitigate the risks of credential bleed and subsequent credential abuse from outside adversaries.

These controls range from detections of MFA brute force and behavioral detections that compare changes in user activity, to preventing employees from signing into their personal accounts on organization-controlled browsers and devices, to employees reporting suspicious activity such as multiple MFA requests.

The advisory also mentions DTEX’s recently released HTTP inspection capabilities, which uniquely provide visibility to detect when corporate credentials are being stored on personal password managers at the browser level.

By leveraging these capabilities, organizations can gain a more holistic gauge of their overall risk profile and make strategic decisions on what rules to implement to protect against credential compromise.

Applying a multi-layered approach to defense

The release of DTEX i3’s latest Threat Advisory serves as a crucial reminder that the convenience of storing corporate credentials on personal devices and personal accounts, such as password managers, comes with significant risks. As cybercriminals continue to exploit these vulnerabilities, organizations must take proactive steps to secure their credentials and protect their sensitive data.

By adopting the strategies outlined in the advisory and leveraging advanced inspection capabilities, businesses can mitigate the risks associated with credential misuse to protect their most sensitive assets and people.
