The qualification stuffing attack had a major impact in 2024, spurring the vicious cycle of infectious diseases and data breaches at Infostealer. However, things can get worse with computer-used agents, a new kind of AI agent that allows for low-cost, low-cost automation of common web tasks, including those that attackers often perform.
Stolen Credentials: Weapons of Choice for Cybercriminals in 2024
Stolen credentials were the number one attacker action in 2023/24, and were a 80% violation vector for web app attacks. It’s not surprising given the fact that billions of leaked qualifications are circulating online and attackers can get the latest drops on crime for just $10.
The crime market for stolen credentials is profiting from the publicity of 2024 violations. For example, we used credentials found in data breach dumps and infostealer breach and entitlement supply breach from a massive phishing campaign, resulting in the complexity of 165 customer tenants and hundreds of violation records.
However, despite 2024 being an unprecedented year in terms of the impact of identity-based attacks, there are still many possibilities that attackers cannot achieve.
Credential Attack Automation – What has changed with the shift to SaaS?
Brute’s enforcement and qualification packing are not new, but have been a key component of the cyberattacker toolkit for decades. However, it’s not so easy to spray credentials automatically across the system as automatically as it used to be.
There is no fit for any size
Rather than a single centralized network with apps and data contained around the infrastructure, businesses are now formed with hundreds of web-based apps and platforms, creating thousands of identities per organization.
This means that it is stored only in identity systems such as Active Directory and not implemented using common protocols and mechanisms, but also IDs are distributed and distributed throughout the Internet.
HTTP is standard, but modern web apps are complex and highly customized, with graphical driven interfaces that vary each time. Worse, modern web apps are specifically designed to prevent malicious automation through bot protection like Captcha.
So rather than being able to encounter standard protocols and write a single set of tools to use in any organization/environment, for example, write a single script per service (FTP, SSH, Telnet, etc.) using a single port scanner like NMAP across the internet, for example, to create a DNS scanner once.
Finding needles in the haystack
Not only does there be more environments that attackers will include within the scope of their attack, they also have more credentials.
Public Internet has around 15 billion compromised credentials and does not include anything found only in private channels/feeds. This list is constantly growing. It has been using PWNed from Infostealer Logs last month, with the addition of an unprecedented 244m password and a unique 493m website and email address pair.
This sounds scary, but it’s difficult for attackers to take advantage of this data. Most of these credentials are old and invalid. A recent review of TI data by push security researchers found that less than 1% of the stolen qualifications included in threat intelligence feeds from multivendor datasets are feasible.
But not all of them are useless – they made good use of their credentials dating back to 2020, as demonstrated by snowflake attacks. Therefore, there is clearly a treasure waiting to be discovered by the attacker.
Attackers are forced to prioritize
The distributed nature of apps and identities, as well as the unreliability of compromised qualification data, forces attackers to prioritize them.
Writing and running custom Python scripts for all apps (there are SaaS apps over 40k on the internet) is not realistic. Even if you do the top 100 or 1000, it is an important task and barely damage the surface of total opportunity, while requiring constant maintenance. Even if you’ve fully scripted and distributed attacks using a botnet to avoid IP blocking, controls like rate limiting, Captcha, account lockouts, and more can interfere with a large amount of credentials for a single app. Additionally, a centralized attack on one site generates a significant level of traffic if you want to run 15 billion passwords in a reasonable time frame, making it very likely to raise alarms.
Therefore, attackers tend to target a small number of apps, and only look for direct matches regarding the attempted credentials (for example, stolen credentials must belong directly to the target app’s account). When you chase new things, you tend to focus on a specific app/platform (such as Snowflake).
Did you miss the opportunity?
As we have established, despite these restrictions, the situation regarding credential stuffing attacks is already pretty bad. However, things can get much worse.
Password reuse means that a single compromised account can change to many
If attackers were able to increase the scale of their attacks and target more apps rather than focusing on a list of more value apps, they could take advantage of password reuse, which is too common. A recent survey of identity data shows that on average:
1 in 3 employees reuse passwords 9% of identification have reused passwords, and MFA has no 10% of IDP accounts (used for SSO).
What does this mean? If stolen credentials are valid, there is a higher chance that multiple apps can use to access multiple accounts (at least).
Imagine a scenario: Recent compromised qualification omissions due to Infostealer infections or qualification phishing campaigns indicate that certain username and password combinations are valid for certain apps. For example, use Microsoft 365. Now, this account not only has an MFA, but also has a conditional access policy that allows you to access your IP/location.
Usually this is where the attack ends and you will focus your attention on something else. But what if you could spray these credentials on all other business apps that the user has an account?
Scaling qualification attacks by computer-using agents
Until now, the impact of AI on identity attacks has been limited to phishing email creation, AI-assisted malware development, and the use of LLMS for social media bots.
However, this may be about to change with the launch of Openai Operator, a new kind of “computer-using agent.”
The operators are trained on specialized datasets and implemented in their own sandbox browser. This means you can perform common web tasks like humans.
Unlike other automated solutions, operators do not require custom implementation or coding to interact with new sites, making it a much more scalable option for attackers looking to target a wide range of site/app sweeps.
Demo: Use operators to carry out a credentialed stuffing attack at scale
Push Security researchers have led operator malicious use cases to test and use them below:
Identify which companies have existing tenants in the list of apps that attempt to log in to various app tenants using the provided username and password
Impact overview
The results were pretty impressive. The operator clearly demonstrated its ability to target a list of apps whose credentials were compromised and perform in-app actions. Next, consider this x10, x100, x10,000. These are not complicated tasks. But the value of CUAS operators is not addressing complexity, they are addressing scale. Imagine a world where operator Windows can be adjusted via APIs and allow these actions to be performed simultaneously (a feature already present for chatgpt).
But this is bigger than the operator – it’s about the direction of technology. Openai may implement good guardrails in apps, such as rate limiting the number of concurrent tasks and total usage rates, but it’s only a matter of time before similar products emerge (probably inherently malicious).
Final thoughts
It’s still in the early days for CUA Tech, but it clearly shows that this particular form of AI-driven automation can exacerbate the already serious security challenges. The ability to target a wide set of apps previously exceeded traditional automation, but even less skilled attackers are likely to become much more accessible (the next Gen Script Kiddies?).
Another way to think about it is to effectively give human attackers a fleet of low-level interns who have no idea what they are doing, but they can sometimes be instructed to check in and perform specific, itemized tasks while working on other, more complicated tasks. So it’s like the red team manager of an AI bot.
Operators mean that attackers can leverage compromised credentials at scale, leverage the vast number of vulnerable and misunderstood identities, and translate them into systematic breaches more easily. In a way, you can cram in your credentials a little more, just like before you shifted to cloud apps. Here you can spray thousands of credentials on your targets without the need for custom development each time.
Thankfully, new anti-AI capabilities are not needed, but it is more important than ever for organizations to protect the surface of identity attacks and identify and fix identity vulnerabilities before attackers can take advantage of them.
Please see more
Check out Push Security if you want to learn more about identity attacks and how to stop them. Book a demo or try our browser-based platform for free.
Also, if you want to demonstrate more malicious use cases for operators, check out this on-demand webinar.
Source link
