There’s a lot of focus, especially in movies and TV, on ultra sophisticated methods to break into organisations. But why go to all that fuss when you can buy someone’s creds for $10 (or less) and work on the basis that they’ve probably reused them across multiple accounts…:
Israeli-based cybersecurity firm Kela says more than 500,000 leaked credentials belonging to more than two dozen leading gaming companies were on sale on the dark web. The researchers noted that gaming firms with stolen employee credentials faced various threats, including ransomware attacks and fraud.
The researchers also noted that selling initial access tools was a booming underground business as threat actors sought more effortless ways to infiltrate corporate networks.
Contrarily, the researchers discovered that the credentials could also be obtained for free or for as little as $10. The report noted that employees remained the main entry point of corporate breaches, making cybersecurity training necessary.