Credential Harvesting

Dictionary Term


Alternative Forms

N/A

Definitions

Definition 1

Credential harvesting is a class of cyberattacks characterized by the collection of identity attributes and credentials with the objective of compromising or abusing their linked identities.

Credential harvesting involves gathering information on multiple indiscriminate identities in the hope of exploiting at least some of them. In this respect, credential harvesting is distinct from attacks that target a specific identity.

Credential harvesting may be subdivided into two subclasses:

  • Credential harvesting for reconnaissance. This cyberattack consists of guessing or collecting identity attributes that are not sufficient to exploit identities but that are often publicly or easily available, e.g. email addresses collected by web scraping or login ids collected by guessing naming conventions. This attack may be used in the reconnaissance phase of a larger attack or for phishing purposes.

  • Credential harvesting for exploitation. This cyberattack consists of guessing or collecting confidential or vulnerable identity attributes or credentials that may be effectively leveraged to compromise identities in preparation for the exploitation phase of the attack, e.g. scanning configuration files for passwords, reading plaintext cached credentials stored in-memory, collecting session tokens from web cookies. This attack may be used for initial exploitation and/or lateral movement.

Credential harvesting may be designated by the identity attribute or credential that is being harvested, e.g. email address harvesting or password harvesting.

Example identity attributes or credentials that may be collected as part of credential harvesting include:

  • Certificates

  • Email address

  • Login ID

  • Password

  • Password hash

  • Private key

  • Session token (e.g. web cookies or web parameters)

Example threat actor classes who may engage in credential harvesting include:

  • Bots

  • Humans

  • Worms (e.g. Nimda)

Example data sources used to harvest credentials:

  • Configuration files (e.g. plaintext passwords)

  • Databases

  • Documents (e.g. email addresses, login ids, passwords)

  • Email or application services that allow guessing attributes/dictionary attacks

  • Identity repositories (e.g. LDAP, Windows Active Directory)

  • In-memory data (e.g. login ids, plaintext passwords, session tokens)

  • People (through social engineering)

  • Phishing websites (e.g. login ids, passwords, second authentication factor)

  • Reusable identity attributes or credentials obtained from previous data breaches

  • Web cookies

  • Web query parameters

  • Web sites, social networks, and forums (e.g. email addresses via web scraping)

  • Windows registry

Example countermeasures that may be effective against credential harvesting include:

  • Access controls / need-to-know

  • Canary identities

  • Disabling credential caching

  • Digital Rights Management (DRM)

  • Encryption

  • Hardware Security Module (HSM)

  • Multi-Factor Authentication (MFA)

  • Password Managers

  • Privileged Access Management (PAM)

  • Security awareness programs

  • System hardening

Sample Sentences

Conceptual Diagram

Related Terms

  • Password

  • Worm
