Compromised Credentials, Account Takeover, and Intelligence-Driven Password Policies
February 13th, 2020 | 11 AM ET
As the methods used by threat actors to steal credentials evolve and leaked data is readily available online, defenders are at an ongoing disadvantage and increasingly vulnerable to account takeover, fraud, and misuse.
During this webinar, Flashpoint analysts will examine how visibility into the illicit communities where credentials are leaked can help organizations establish or refine password policies. We’ll cover:
- Sources: The various cybercrime communities where threat actors solicit, share, and sell password information
- Lifecycle: How quickly breached credentials are acquired and made available on illicit communities, how long they are circulated and at what price, and how the threat actors who purchase these credentials attempt to monetize them
- Economy: How brute force software is developed, what VPS and proxies are preferred by threat actors, and the division of labor between actors acquiring credentials and those conducting exploitation and monetization.
- Evolution: How credentials are changing, from username password to cookies, secret questions, API keys, and cryptographic signatures