Updated: Mar 21
Recent Reddit Breach Underscores the Ease at which Hackers Can Simply “Log In”
Reported in mid-February, a notable breach at Reddit laid out how cybercriminals seek to undermine the power of even the most robust passwords as well as two-factor authentication (2FA) tokens – all through sophisticated phishing that look and felt like the real deal when an employee clicked a redirect to a fake yet convincingly similar-looking site.
The prevalent social news aggregation company, which allows users to submit content and images, etc. that are then openly voted upon, said it discovered a security incident that enabled threat actors to access business systems, internal materials and even some of its code. Reddit said production systems weren’t touched.
According to reports, the attack began on February 5 and specifically targeted its employees’ credentials. Those highly targeted phishing schemes were clearly the instrument of choice – and they were ultimately successful, gaining one specific employee’s username and password for the company’s intranet portal. The Hacker News reported that the employee self-reported the incident.
But the result, according to Reddit’s statements, included access to contact information for both current and former employees in addition to advertiser data. Although financial data or other more detailed personally identifiable information (PAA) may have been involved in this attack, contact information alone can be an extremely helpful tool both in potentially determining other credentials for individuals as well as for future phishing endeavors.
Identity threat detection and response (ITDR) solutions, if deployed properly, help to consistently and powerfully avoid this reliance on self-reporting by the employee or waiting until something worse happens to identify problems related to the initial credential misuse. Through a comprehensive graph-based mapping of all activity in a network (that enables full visibility into what all identities are doing, and from where), ITDR prevents such attacks by noticing and immediately triggering customized actions when identities take action outside of their usual habits, duties, frequency or geography, etc.
Without ITDR, the “power” of convincing phishing attacks shines through because it minimizes aspects of proactive training provided to employees. Afterall, some webpages can look nearly or even identical to the legitimate webpage or internal portal site. In that case, there are only a small, limited number of indicators that employees can look out for in order to stop a phishing attack in its tracks before the bad guys get their hands on credentials.
Gaining the peace of mind that ITDR serves as the constant eyes and ears in the background not only stands as a great accompaniment to training, but it bolsters security posture and brings new levels of both protection and efficiency through its ability to find what needed authentication is missing, what’s happening that shouldn’t be, and what assets need attention or booting altogether.
To learn about AuthMind’s unique ITDR capabilities or to schedule a demo, click here.