Republic of the Philippines
National Police Commission
PHILIPPINE NATIONAL POLICE
ANTI-CYBERCRIME GROUP
Camp BGen Rafael T Crame, Quezon City

ACG-CYBER SECURITY BULLETIN NR 186: Understanding Online Credential Theft Technique

Reference Number ACG-CSB 042120186

The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG). It is classified as “Restricted” pursuant to PNP Regulation 200-012 on Document Security, with an Impact Rating of high based on the PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p. 129.

SUMMARY

Cybercriminals have become extremely sophisticated and specific when targeting organizations and their users. They often work to identify the users and devices that will provide access to large volumes of sensitive and highly confidential data, such as financials.

Billions of people use different kinds of credentials daily to authenticate themselves in their physical and digital lives. These range from physical keys, tokens and cards to digital private keys, session cookies, digital certificates, cryptocurrency wallets, and login and password combinations, all of which are vulnerable to cyber-attack.

Cybercriminals use a variety of methods for stealing credentials, depending on their skill set and resources. One of the easiest ways to collect credentials from their victims is using phishing as an attack vector. This technique is normally accessible to a wide range of criminals and does not require a great deal of resources.

Phishing is a seminal technique used by cybercriminals to steal credentials and Personally Identifiable Information (PII) from their victims. It remains one of the most effective attack vectors, since it is normally used together with social engineering techniques to extract information from victims. It begins with an e-mail. The sender tries to make the victim follow a link and enter credentials or PII.

The success of the attack often depends on the level of social engineering and the quality of communication. Other phishing attacks may use SMS messages (smishing) or voice calls (vishing), rather than e-mails, to extract confidential information from the victim. In recent years we have observed an evolution in techniques, including the use of control panels to manage phishing campaigns and to store stolen credentials.

Phishing remains a big problem and a highly successful method used by cybercriminals for credential theft, luring individuals into providing sensitive data such as PII, financial details and passwords. Though the attackers who perform phishing attacks are usually less sophisticated than their counterparts who use malware or commit major banking fraud, phishing is still a persistent threat of which all organizations should be aware.

Credential-based attacks open the door for more repeatable attacks, as they allow threat actors to assume the identity of an individual who is authorized to access targeted data, making every attack an insider threat.

A credential-based attack is the process of stealing credentials. Attackers commonly use phishing for credential theft as it is a cheap and extremely efficient tactic. The effectiveness of credential phishing relies on human interaction to deceive employees, unlike malware and exploits, which rely on weaknesses in security defenses.

Corporate credential theft is usually a targeted effort. Attackers scour social media sites such as LinkedIn, searching for specific users whose credentials will grant access to critical data and information. The phishing emails and websites utilized in corporate credential theft are much more sophisticated than those used for consumer credential theft. Attackers put a great deal of effort into making these emails and websites look nearly identical to legitimate corporate applications and communications.

RECOMMENDATION

All PNP personnel as well as the public are advised to follow these tips in order to avoid the risk of online credential theft:

• Be wary of unsolicited emails and phone calls;
• Block usage from unlikely or unknown applications and websites;
• Keep operating systems and devices up to date;
• Conduct regular vulnerability assessments;
• Train employees on how to create strong passwords and detect phishing or spear-phishing; and
• Use encryption, endpoint security and traffic monitoring tools.

For additional information, please refer to the following websites:

• https://www.paloaltonetworks.com/cyberpedia/what-is-a-credential-based-attack
• https://awakesecurity.com/glossary/credential-theft/
• https://www.blueliv.com/resources/reports/The_credential_theft_ecosystem.pdf

POINT OF CONTACT

Please contact PMAJ ANGELICA STARLIGHT L. RIVERA, Chief, Personnel Records Management Section, through e-mail or on telephone number (632) 7230401 local 3562 for any inquiries related to this CYBER SECURITY BULLETIN.