Full Report
In the last newsletter of the year, Thorsten recalls his tech-savvy gift to his family and how we can all incorporate cybersecurity protections this holiday season.
Analysis Summary
# Main Topic
Cybersecurity awareness and defense implementation strategies promoted during the holiday season, specifically focusing on mitigating identity-based threats like compromised credentials and encouraging adoption of stronger authentication methods like Multi-Factor Authentication (MFA) and Passkeys.
## Key Points
- Identity-based attacks, notably the abuse of valid accounts, remain the most observed means of initial access for the fourth consecutive quarter.
- The author shares a personal anecdote highlighting the difficulty in achieving high user adoption for security upgrades (hardware MFA tokens), even as gifts to family members.
- Password managers and avoiding browser credential storage are strongly advocated for better account hygiene.
- Passkeys are identified as an emerging standard supported by over 20% of the top 100 websites.
- **Mitigation Nuance:** While hardware tokens are the most robust option, any form of MFA, even TOTP generated by a software authenticator, is a significant improvement over passwords alone.
## Threat Actors
- No specific campaign or actor is named; the context implies **opportunistic threat actors** who leverage readily available stolen credentials.
- The newsletter cites celebrity account compromises (e.g., Mbappe) to illustrate how widespread credential theft targeting individuals has become.
## TTPs
- **Valid Accounts:** Identified as the most prevalent initial access method.
- **Credential Theft:** Implied by the recommendations to check breach data and to avoid storing credentials in the browser (a common target of info-stealers).
- **MFA Bypass:** Mentioned as a topic explored in related analysis ("How are attackers trying to bypass MFA").
## Affected Systems
- **Consumer Devices/Ecosystems:** Linux, macOS, Windows, Android, and iOS are referenced in the context of needing cross-platform authentication solutions.
- **General Online Accounts:** Any service that relies on passwords and supports MFA/passkeys.
## Mitigations
- **Authentication Implementation:** Advocate for and enable Multi-Factor Authentication (MFA) on all available services; any MFA is better than none (including TOTP software solutions).
- **Password Management:** Encourage the use of password managers (paid or open-source alternatives).
- **Credential Storage:** Avoid storing credentials in web browsers due to risk from info-stealers.
- **Adoption of Passkeys:** Utilize passkeys where services support them.
- **Awareness:** Share resources with loved ones (e.g., `hxxps://haveibeenpwned[.]com/` or `hxxps://sec[.]hpi[.]de/ilc/?lang=en`) to check for exposed emails.
- **Hardware Tokens:** Technically the strongest option, but adoption is likely to be low unless the user base is already security-aware.
## Conclusion
The primary threat vector described is the continued success of identity-based attacks that rely on compromised credentials. Although technically robust solutions such as hardware tokens exist, user adoption remains a challenge. Organizations and individuals should prioritize user-friendly measures, namely broad MFA adoption and a move toward passkeys, together with practical education on password hygiene, to counter the persistent use of valid credentials for initial access.