How to protect your organization’s single sign-on credentials from compromise

Half of the top 20 most valuable public U.S. companies had at least one single sign-on credential up for sale on the Dark Web in 2022, says BitSight.


Single sign-on, or SSO, is considered an effective method of authentication because it reduces the number of passwords in use and lets users authenticate across different applications and systems with a single set of credentials. But what happens if your SSO credentials are compromised by attackers and used against you? A report published Monday by cybersecurity reporting service BitSight discusses the theft of SSO credentials and offers advice on how to protect your own organization from this threat.

By allowing the same credentials to access disparate systems, SSO offers several benefits, three of which BitSight singles out. Fewer account credentials mean fewer targets for phishing attacks. Less time spent on login attempts means more time your employees can devote to critical tasks. And fewer credentials mean fewer password resets and other tickets for your help desk and IT staff.

How are cybercriminals accessing SSO credentials?

The number of new SSO credentials for sale on the Dark Web jumped in June and July of 2022. Image: BitSight

The downside of SSO credentials is that they are highly prized by cybercriminals, who can use a single stolen credential to reach a variety of applications and systems. Analyzing the Dark Web, BitSight found that 25% of the companies on the S&P 500 and half of the top 20 most valuable public U.S. companies had at least one SSO credential for sale in 2022.

Since January of 2022, there has been steady growth in the number of SSO credentials from public companies for sale on the Dark Web, according to BitSight. In June and July, more than 1,500 new credentials became available for sale. Though all kinds of companies are vulnerable, the most affected were those in the technology, manufacturing, retail, finance, energy and business services sectors.


What can happen if SSO credentials are compromised?

In an attack against SSO vendor Okta in January of 2022, cybercriminals used credentials stolen from one of the company’s vendors to breach Okta itself. In the end, Okta cut off its relationship with the vendor. In another incident, a large phishing attack compromised almost 10,000 login credentials and more than 5,000 multi-factor authentication codes from 136 different companies. Affected organizations included Twilio, Cloudflare and Okta.

“Credentials can be relatively trivial to steal from organizations, and many organizations are unaware of the critical threats that can arise specifically from stolen SSO credentials,” said BitSight co-founder and CTO Stephen Boyer. “These findings should raise awareness and motivate prompt action to become better acquainted with these threats.”


How can organizations protect their SSO credentials?

To protect your organization’s SSO credentials from compromise and Dark Web sales, BitSight offers the following three tips:

Don’t rely just on traditional multi-factor authentication

By using phishing campaigns, attackers can steal SSO credentials even if you’ve enabled MFA. How? A cybercriminal targets your employees with a phony login page. An unsuspecting recipient enters their credentials as well as their one-time MFA code, and because that code is valid for anyone who presents it within its short window, the attacker gains access to the account and any authorized data and applications.

Turn to adaptive MFA

Adaptive MFA improves on traditional authentication by assigning contextual rules and guidelines to decide whether to grant the login request. For example, this method looks at such factors as location, day and time, consecutive login failures and source IP address to help determine if the request is coming from the actual user.
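The following is an added example, not code from BitSight or from any SSO vendor, showing what such a contextual policy looks like in practice. It scores a login request on the four signals the paragraph lists (location, day and time, consecutive failures, source IP) and maps the score to allow, step-up or deny. The user, baseline, IP ranges, weights and thresholds are all constructed for illustration; a real deployment would tune them against its own login telemetry.

```python
from dataclasses import dataclass
from datetime import datetime
import ipaddress


@dataclass
class LoginContext:
    """Signals the SSO provider can observe on one login request (constructed input)."""
    user: str
    country: str            # geolocation of the source IP
    source_ip: str
    timestamp: datetime     # in the user's local time zone
    recent_failures: int    # consecutive failed attempts immediately before this one


@dataclass
class UserBaseline:
    """What 'normal' looks like for this user (constructed policy, not a vendor schema)."""
    home_countries: frozenset
    trusted_networks: tuple             # CIDR strings, e.g. the corporate VPN egress range
    work_hours: tuple = (7, 20)         # allowed local hours, half-open [start, end)
    work_days: tuple = (0, 1, 2, 3, 4)  # Monday=0 .. Friday=4


def risk_score(ctx: LoginContext, baseline: UserBaseline):
    """Add up the contextual signals; weights are illustrative. Returns (score, reasons)."""
    score, reasons = 0, []

    if ctx.country not in baseline.home_countries:
        score += 40
        reasons.append("unfamiliar country")

    ip = ipaddress.ip_address(ctx.source_ip)
    if not any(ip in ipaddress.ip_network(net) for net in baseline.trusted_networks):
        score += 20
        reasons.append("untrusted source network")

    start, end = baseline.work_hours
    if ctx.timestamp.weekday() not in baseline.work_days or not (start <= ctx.timestamp.hour < end):
        score += 20
        reasons.append("outside usual hours")

    if ctx.recent_failures >= 5:
        score += 40
        reasons.append("many consecutive failures")
    elif ctx.recent_failures >= 2:
        score += 15
        reasons.append("repeated failures")

    return score, reasons


def evaluate_login(ctx: LoginContext, baseline: UserBaseline):
    """Map the score to a decision. 'step_up' means demand a stronger, phishing-resistant factor."""
    score, reasons = risk_score(ctx, baseline)
    if score >= 70:
        decision = "deny"
    elif score >= 30:
        decision = "step_up"
    else:
        decision = "allow"
    return decision, score, reasons


# Constructed baseline and sample requests for one user.
BASELINE = UserBaseline(
    home_countries=frozenset({"US"}),
    trusted_networks=("10.0.0.0/8", "203.0.113.0/24"),
)
NORMAL = LoginContext("alice", "US", "10.1.2.3", datetime(2022, 6, 14, 10, 0), 0)        # Tuesday, office
ODD_NETWORK = LoginContext("alice", "US", "198.51.100.7", datetime(2022, 6, 14, 10, 0), 2)  # Tuesday, unknown network
SUSPICIOUS = LoginContext("alice", "RO", "198.51.100.7", datetime(2022, 6, 18, 3, 0), 6)    # Saturday 03:00, abroad

if __name__ == "__main__":
    for ctx in (NORMAL, ODD_NETWORK, SUSPICIOUS):
        print(ctx.source_ip, evaluate_login(ctx, BASELINE))
```

The useful property is the middle band: an unusual network plus a couple of failed attempts does not lock the user out, but it does force a factor that a phished one-time code cannot satisfy, which is where the next two tips come in.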

Consider universal two-factor authentication

Universal two-factor authentication, or U2F, typically uses a physical security key or fob as a single sign-in method. Since the physical key is required for authentication, fraudulent attempts to steal the credentials will fail. A recent cyberattack against content delivery network Cloudflare was thwarted because the company uses U2F keys.
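The reason a phished U2F login fails is worth seeing concretely: the browser, not the page, tells the security key which origin is asking, and the key only signs for the origin it was enrolled on, so an assertion captured on a look-alike domain is never produced (and, if it were, the relying party would reject the mismatched origin). The following is an added example that is not Cloudflare's, BitSight's or any FIDO library's code. It models the three parties with constructed origins; HMAC-SHA256 stands in for the ECDSA P-256 signature of a real key so it runs on the standard library alone, which changes nothing about the origin-binding logic.

```python
import hashlib
import hmac
import json
import secrets


def signed_bytes(app_id: str, counter: int, client_data_hash: bytes) -> bytes:
    """What a U2F authenticator signs: H(app_id) || counter || H(client_data)."""
    return hashlib.sha256(app_id.encode()).digest() + counter.to_bytes(4, "big") + client_data_hash


class SecurityKey:
    """Constructed model of a U2F token: one key per (app_id, handle), never reused across origins."""

    def __init__(self):
        self._keys = {}
        self._counter = 0

    def register(self, app_id: str):
        handle = secrets.token_hex(8)
        key = secrets.token_bytes(32)
        self._keys[(app_id, handle)] = key
        # A real token exports a public key here; with the HMAC stand-in the verify key is the same secret.
        return handle, key

    def sign(self, app_id: str, handle: str, client_data_hash: bytes):
        key = self._keys.get((app_id, handle))
        if key is None:
            # The handle was issued for a different app_id: the token refuses to sign at all.
            raise PermissionError("key handle not valid for this app_id")
        self._counter += 1
        sig = hmac.new(key, signed_bytes(app_id, self._counter, client_data_hash), hashlib.sha256).digest()
        return self._counter, sig


class Browser:
    """The browser fills in app_id and origin from the page it is on; page script cannot override them."""

    def __init__(self, key: SecurityKey):
        self.key = key

    def get_assertion(self, page_origin: str, handle: str, challenge: str):
        client_data = json.dumps(
            {"typ": "navigator.id.getAssertion", "challenge": challenge, "origin": page_origin},
            sort_keys=True,
        ).encode()
        counter, sig = self.key.sign(page_origin, handle, hashlib.sha256(client_data).digest())
        return client_data, counter, sig


class RelyingParty:
    """The SSO service. Accepts an assertion only for its own origin, its own challenge, a fresh counter."""

    def __init__(self, origin: str):
        self.origin = origin
        self.users = {}    # user -> (handle, verify_key, last_counter)
        self.pending = {}  # user -> outstanding challenge

    def enroll(self, user: str, handle: str, verify_key: bytes):
        self.users[user] = (handle, verify_key, 0)

    def new_challenge(self, user: str) -> str:
        self.pending[user] = secrets.token_hex(16)
        return self.pending[user]

    def verify(self, user: str, client_data: bytes, counter: int, sig: bytes) -> bool:
        handle, key, last_counter = self.users[user]
        expected_challenge = self.pending.pop(user, None)  # single use, consumed even on failure
        data = json.loads(client_data)
        if data.get("origin") != self.origin:  # origin binding: the core anti-phishing check
            return False
        if data.get("challenge") != expected_challenge or counter <= last_counter:
            return False
        expected = hmac.new(key, signed_bytes(self.origin, counter, hashlib.sha256(client_data).digest()),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            return False
        self.users[user] = (handle, key, counter)
        return True


def run_demo():
    """Constructed origins: one real SSO host and one look-alike phishing host."""
    real, phish = "https://sso.example.test", "https://sso-example.phish.test"
    token, rp = SecurityKey(), RelyingParty(real)
    browser = Browser(token)
    handle, verify_key = token.register(real)
    rp.enroll("alice", handle, verify_key)

    # 1. Legitimate login on the real origin succeeds.
    legitimate = rp.verify("alice", *browser.get_assertion(real, handle, rp.new_challenge("alice")))

    # 2. Phishing page relays the real challenge, but the browser reports the phishing origin.
    relayed = rp.new_challenge("alice")
    try:
        phished = rp.verify("alice", *browser.get_assertion(phish, handle, relayed))
    except PermissionError:
        phished = False  # the token produced nothing the attacker could forward
    return {"legitimate": legitimate, "phished": phished}


if __name__ == "__main__":
    print(run_demo())
```

Contrast this with the one-time code in the previous section: a TOTP digit string carries no information about where it was typed, so a relay works, whereas here the origin is baked into both the signed data and the key selection.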

“Businesses need to be aware of the risks posed by their major IT vendors,” Boyer said. “As we’ve seen repeatedly, insecure vendor credentials can provide malicious actors with the access they need to target large customer bases at scale. The impact of a single exposed SSO credential could be far reaching.”
