Many organizations rely on multi-factor authentication (MFA) for identity security. But, while MFA provides an extra layer of security, it’s not enough to secure credentials, often creating a false sense of security. As an example, a new threat from cybercriminal group, Lapsus$ Group, appeared on the FBI's most-wanted list in March 2022, with one attack vector standing out: identities compromised with Infostealer Malware. In most cases, when the infection goes unnoticed, this malware obtains credentials saved in victims’ browsers. Hours, days, or years later, credentials to corporate or personal infrastructures are obtained by threat actors, who are able to seamlessly hijack sessions undetected, by appearing as an employee. In this session we will look at the leaked credential data cluster that Recorded Future built to understand how this affects customers and what actions that can be taken.
Slides from the presentation will be visible on this site if the speaker in question wishes to share them.
Please note that you need to be signed in in order to see them.