In the world of identity threats, it is crucial to distinguish between the various ways in which an entity can be identified and authenticated in a system. While the majority of interactive intrusions detected by Falcon OverWatch involve the abuse of valid accounts, primarily through combinations of usernames and passwords, it is also common for intrusions to exploit other authentication factors and identifying materials.
Systems can identify and authenticate users in a variety of ways, each with its own strengths and weaknesses. From the classic combination of username and password to sophisticated biometric authentication, such as facial and voice recognition, the digital security landscape is diverse.
Thus, the current state of abuse of digital identities highlights attackers' intentions to go beyond usernames and passwords. Our analysis indicates that the use of technologies like Single Sign-On (SSO) and Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) could incentivize threat actors to employ more sophisticated methods alongside classic authentication approaches.
Image #1 (Figure 7): Commonly Observed Methods of Identification and Authentication - CrowdStrike Threat Hunting Report 2023
The figure shows some of the most frequent methods of identification and authentication, from the classic use of usernames and passwords to advanced technologies such as facial recognition and security tokens.