Priya Patel
TLDR:
- CISA warns about the risk of credential access in FY23 risk & vulnerability assessment
- IBM’s X-Force Threat Intelligence Index 2024 also identifies credential access as a significant risk
In the Fiscal Year 2023 (FY23) Risk and Vulnerability Assessment (RVA) Analysis, CISA highlights the threat posed by credential access in compromising critical infrastructure. The report emphasizes the tactics used by threat actors to gain unauthorized access to systems. IBM’s X-Force Threat Intelligence Index 2024 echoes this sentiment, identifying credential access as a top threat to organizations worldwide. Both reports stress the importance of implementing multi-factor authentication, securing privileged accounts, and regular monitoring to mitigate the risks associated with credential access.
While CISA’s report illustrates real-world campaigns like the Volt Typhoon, which targeted Fortinet Fortiguard devices using credential dumping, IBM’s report emphasizes how credential access allows attackers to blend in with legitimate users. The combination of poor password hygiene, lack of multi-factor authentication, and human error remains significant weaknesses exploited by attackers. Organizations are urged to take immediate action to strengthen defenses against credential attacks.
