Attackers using compromised credentials accounted for 29% of data breaches, according to Verizon’s 2019 Data Breach Investigation Report. The unauthorized access at Boost Mobile is what Byron Rashed, VP of marketing, Centripetal, called a classic example of a series of events that enables threat actors to infiltrate networks and exfiltrate customer data and/or personally identifiable information.
Byron Rashed, VP of Marketing at Centripetal Networks:
“Usually, a compromised credential from a third-party breach starts the process. The threat actor can use various unsophisticated/sophisticated techniques to either obtain a password or crack a hashed password. Once an account is compromised, the threat actor can find a way into the network and access various databases,” Rashed said.
“The credentials can be a typical customer/user and/or an admin that has network access. Threat actors can leverage various tools and social media to find out information on users/admins and obtain a password (such as the names of spouses, children, pets, etc.) and try different combinations using automated tools.”
In addition to urging customers to follow the security strategies set forth by the Federal Trade Commission, Boost Mobile sent temporary PIN codes via text message, reminding customers to avoid combinations such as "1234" or "0000."
“The best defense against attackers using stolen credentials is to use a password that is unique with various characters and one that does not contain anything that is specific to the individual as noted,” Rashed added.
“On the network defense side, shielding against known IPs, domains, and other sources is critical. Most breaches come from known sources. To shield these sources from the onset greatly increases the organization’s security posture.”