March 26, 2024
In the coming week, Digital Shadows (now ReliaQuest) will release a research report highlighting the significant risk to organizations and individuals from weak credentials, which continue to give threat actors ample opportunity to conduct account takeover (ATO). This is something we documented in 2020, and two years down the line the situation unfortunately remains largely the same. Raising security awareness of this topic can certainly help—and there are options on hand for managing credentials safely—but the ATO threat will remain endemic until the problems inherent to passwords are resolved.
In our research report, Digital Shadows (now ReliaQuest) reported on the collation of approximately 24 billion credentials, a 65 percent increase from our previous report in 2020. Within this data set, approximately 6.7 billion credentials had a unique username-and-password pairing, meaning the combination was not duplicated across the other databases in the set. This was 1.7 billion more than we found in 2020, highlighting the rate at which entirely new credential combinations are being compromised.
The first point to make is that a significant number of credentials are being breached every day. How big a problem is this? Verizon’s recent Data Breach Investigations Report (DBIR) identified that stolen credentials accounted for approximately 50 percent of the 20,000 incidents it analyzed, a 30 percent increase from the previous DBIR in 2017. So almost half of all incidents result from the use of stolen credentials in some form or fashion.
With companies continuing to rely on credentials to access online services, this is almost certainly going to continue in the short term, at least until businesses shift to some of the passwordless authentication options being floated by the likes of Microsoft. Gartner research predicts that more than 20% of customer authentication transactions and 50% of the workforce will be passwordless by 2025. So while there may be light at the end of the tunnel, in the short term passwords will remain the main method of authentication.
So how easy is it to crack a password? In short, extremely easy. Password cracking typically comes in one of two flavors: online attacks, conducted against a live service, and offline attacks, conducted when the attacker already holds stored hashes and can crack them on their own system. Offline attacks are much simpler for an attacker, because they can be run without fear of sounding a network defender’s alarms or triggering account lockout. Common, off-the-shelf password crackers implement several techniques that can crack the majority of password hash formats in use today, including Microsoft’s LM hash algorithm, MD4, MD5, the SHA hash family, and the Unix crypt format.
To illustrate how easy cracking can be, we used the zxcvbn password strength estimator. We ran it against the top 50 most common passwords in our dataset of 6.7 billion, which were, as you would imagine, an absolute catastrophe. If you’re still using passwords like 123456 (the most common), qwerty, or DEFAULT, for the love of God, please stop!
zxcvbn estimated that most weak passwords can be cracked in under a second using offline techniques, whilst online techniques were significantly slower. Introducing one or two special characters into a password made a massive difference to the time it takes to crack, as the mock password highlighted below shows; to be clear, though, using such characters is not a foolproof way of protecting a password, and the longer and more complex the password, the better.
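To show why the offline case above is so one-sided, here is an added Python example (not from the original post or from Digital Shadows) that audits a constructed legacy user table of unsalted MD5 digests against the common passwords the post names, then stores passwords with a per-account salt and scrypt so that a stolen table no longer yields to a single lookup; the account names, digests and the 12-character minimum are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed blocklist: the passwords the post calls out, plus one more staple.
COMMON_PASSWORDS = ["123456", "qwerty", "DEFAULT", "password"]

def unsalted_md5(password: str) -> str:
    """Legacy storage: no salt, fast hash. Every account using the same
    password ends up with the same digest, so one table cracks them all."""
    return hashlib.md5(password.encode()).hexdigest()

def audit_legacy_table(user_table: dict, wordlist) -> dict:
    """Defender's audit of a legacy unsalted-MD5 table: compute the digest of
    each common password once, then look up every account against that table.
    Returns {username: common_password} for the accounts that match."""
    lookup = {unsalted_md5(p): p for p in wordlist}
    return {user: lookup[d] for user, d in user_table.items() if d in lookup}

def hash_password(password: str, salt=None) -> str:
    """Hardened storage: 16 random salt bytes per account plus memory-hard
    scrypt (N=2^14, r=8, p=1 costs 16 MiB per guess), so the same password
    gives a different record for every account and a lookup table is useless."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return f"scrypt${salt.hex()}${key.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, salt_hex, key_hex = stored.split("$")
    key = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                         n=2**14, r=8, p=1, dklen=32)
    return hmac.compare_digest(key.hex(), key_hex)

def is_acceptable(password: str) -> bool:
    """Enrolment check: refuse blocklisted passwords and anything under 12 chars."""
    return password not in COMMON_PASSWORDS and len(password) >= 12

# Constructed legacy table: three hypothetical accounts.
LEGACY_TABLE = {
    "alice": unsalted_md5("123456"),
    "bob": unsalted_md5("a-long-and-unusual-passphrase"),
    "carol": unsalted_md5("qwerty"),
}

if __name__ == "__main__":
    print("weak accounts:", audit_legacy_table(LEGACY_TABLE, COMMON_PASSWORDS))
    record = hash_password("a-long-and-unusual-passphrase")
    print("verify:", verify_password("a-long-and-unusual-passphrase", record))
```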
Another vital stage in the ATO process is credential stuffing, which lets threat actors verify stolen and/or cracked credentials at scale. Attackers can obtain credentials through a number of methods, most commonly social engineering such as phishing, information-stealing malware, or simply purchasing them from third parties. Once the attacker holds a credential list—usually hundreds or thousands of distinct accounts—they can run it through a dedicated credential stuffing tool to see whether each username-and-password combination is also in use at other services.
A good way to think of credential stuffing is obtaining a bag full of keys and trying each one against a series of doors. The doors are the sites and services you use every day; they might open your social-media accounts, your employer’s external portal, and―probably most worrying―your bank account. Credential stuffing works because users find it easier to reuse a password they can remember across all their accounts: the classic case of simplicity > security, and it comes at a price. The risk was demonstrated in a recent incident affecting General Motors, which disclosed a credential stuffing attack on 23 May 2022. The attack exposed customers’ data and allowed actors to redeem stolen customer reward points for gift cards. It reportedly resulted from credentials breached from accounts outside GM being reused on the motoring provider’s platform.
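The “bag of keys” pattern leaves a visible trace in authentication logs: one source failing against many distinct usernames in a short window, then succeeding. Here is an added Python example (not from the original post or from Digital Shadows) that flags that pattern over a constructed auth log; the log format, addresses and user names are constructed, and the window and threshold are assumptions to tune per service.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format: one authentication event per line.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$")

# Constructed sample: a normal user mistypes once, while one source tries five
# different usernames in five seconds and then logs in as a sixth.
SAMPLE_LOG = [
    "2022-05-23T10:00:01Z src=198.51.100.4 user=erin result=FAIL",
    "2022-05-23T10:00:09Z src=198.51.100.4 user=erin result=OK",
    "2022-05-23T10:00:02Z src=203.0.113.7 user=u01 result=FAIL",
    "2022-05-23T10:00:03Z src=203.0.113.7 user=u02 result=FAIL",
    "2022-05-23T10:00:04Z src=203.0.113.7 user=u03 result=FAIL",
    "2022-05-23T10:00:05Z src=203.0.113.7 user=u04 result=FAIL",
    "2022-05-23T10:00:06Z src=203.0.113.7 user=u05 result=FAIL",
    "2022-05-23T10:00:07Z src=203.0.113.7 user=dave result=OK",
]

def parse(line: str):
    """Return (timestamp, source, user, result) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["src"], m["user"], m["result"]

def detect_stuffing(lines, window=timedelta(minutes=5), min_users=5):
    """Flag a source once it has failed against >= min_users distinct usernames
    within `window` (the key-bag tried against many doors); a guesser hammering
    one account does not trip this, lockout handles that. Also report accounts
    that then log in from a flagged source. Returns (flagged, compromised)."""
    events = sorted(e for e in map(parse, lines) if e is not None)
    failures = defaultdict(list)          # src -> [(ts, user), ...] inside window
    flagged = {}                          # src -> time first flagged
    compromised = set()
    for ts, src, user, result in events:
        if result == "FAIL":
            failures[src] = [(t, u) for t, u in failures[src] if ts - t <= window]
            failures[src].append((ts, user))
            if len({u for _, u in failures[src]}) >= min_users and src not in flagged:
                flagged[src] = ts
        elif src in flagged:
            compromised.add(user)
    return flagged, compromised
```

A real deployment would key on the tenant's own log fields and add rate limiting or step-up authentication for flagged sources, which the post's passwordless outlook also points toward.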
Our recent blog highlighted that while the end of passwords may be coming, it will likely take a number of years before passwordless authentication becomes mainstream across businesses. With that in mind, what are the best methods to keep yourself safe from ATO? We’ve summarised some of the main points from our upcoming research paper below.
The Photon Research team’s report, Account takeover in 2022: The 24-billion password problem, details the ATO lifecycle in depth, including how actors identify, acquire, and exploit stolen accounts to great effect. Be sure to check out this fantastic report following its publication on 15 June 2022.