Credential theft

Summary

Capturing stolen credentials is a useful outcome of modern phishing attacks, even in the era of widespread MFA usage. Stolen credentials can be used to:

• Spray across business apps to take advantage of password reuse and the absence of MFA on apps without MFA enforcement aka. credential stuffing.
• Use alongside SIM swapping and MFA fatigue attacks to bypass MFA for accounts without phishing-resistant MFA enrolled.

Examples

• Example 1: Using stolen credentials to compromise hundreds of Snowflake tenants without MFA
• Example 2: Using stolen credentials to compromise Jira tenants across multiple businesses