How Infostealers Industrialize the Brute-Forcing of Corporate SSO Gateways

Ali Nemati
3 days ago · 42 sec read · 2 views

A recent cyber incident highlights how initial access brokers and threat actors use employee identities compromised through infostealer infections to gain unauthorized access to corporate Single Sign-On (SSO) gateways such as F5 BIG-IP and Fortinet firewalls. By purchasing or scraping logs from these infections, attackers obtain valid credentials intended for ADFS or OWA and replay them in credential stuffing campaigns until they breach the systems. The compromised edge devices act as proxies for launching attacks against other critical infrastructure points. Patching vulnerabilities is not enough: organizations must also actively monitor dark web activity and cybercrime databases so they can secure employee identities before they are weaponized.

Read the full article at Malware Analysis, News and Indicators - Latest topics
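One way a defender could look for the pattern described above, as an added example that is not part of the original post or the linked article: it flags sources that try many accounts a few times each and mostly fail, then cross-references successful logins against an infostealer-exposure feed. The log format, thresholds, function names and the `EXPOSED` set are assumptions, and all sample events are constructed.

```python
from collections import defaultdict

# Constructed sign-in events: timestamp, source IP, username, result. Not real data.
SAMPLE_EVENTS = """\
2024-05-01T09:00:01Z 198.51.100.7 alice@example.com FAIL
2024-05-01T09:00:03Z 198.51.100.7 bob@example.com OK
2024-05-01T09:00:05Z 198.51.100.7 carol@example.com FAIL
2024-05-01T09:00:07Z 198.51.100.7 dave@example.com FAIL
2024-05-01T09:00:09Z 198.51.100.7 erin@example.com FAIL
2024-05-01T09:01:00Z 203.0.113.20 frank@example.com FAIL
2024-05-01T09:01:20Z 203.0.113.20 frank@example.com FAIL
2024-05-01T09:01:45Z 203.0.113.20 frank@example.com OK
2024-05-01T09:02:00Z 192.0.2.5 grace@example.com OK
2024-05-01T09:02:10Z 192.0.2.5 heidi@example.com OK
2024-05-01T09:02:20Z 192.0.2.5 ivan@example.com OK
2024-05-01T09:02:30Z 192.0.2.5 judy@example.com OK
"""
# Constructed exposure feed: accounts seen in infostealer logs (assumed input).
EXPOSED = {"bob@example.com", "dave@example.com"}

def parse_events(text):
    """Yield (ip, user, ok) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield parts[1], parts[2].lower(), parts[3].upper() == "OK"

def find_stuffing(text, exposed, min_users=4, max_tries=2, min_fail_ratio=0.5):
    """Flag sources that try many accounts a few times each and mostly fail."""
    tries = defaultdict(lambda: defaultdict(int))
    fails, wins = defaultdict(int), defaultdict(set)
    for ip, user, ok in parse_events(text):
        tries[ip][user] += 1
        if ok:
            wins[ip].add(user)
        else:
            fails[ip] += 1
    findings = {}
    for ip, per_user in tries.items():
        total = sum(per_user.values())
        if (len(per_user) >= min_users and max(per_user.values()) <= max_tries
                and fails[ip] / total >= min_fail_ratio):
            findings[ip] = {
                "accounts_tried": len(per_user),
                "logged_in": sorted(wins[ip]),  # reset and revoke sessions
                "known_exposed": sorted(wins[ip] & exposed),
                "exposed_targeted": sorted(set(per_user) & exposed),
            }
    return findings

if __name__ == "__main__":
    for ip, info in find_stuffing(SAMPLE_EVENTS, EXPOSED).items():
        print(ip, info)
```

The failure-ratio condition keeps a shared office egress address (many users, all succeeding) from being flagged, and the single-user retry case is excluded by the account-count threshold.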

