Long before a credential breach becomes public, threat actors in many cases already have been using the stolen username and passwords in different ways, a new study has revealed.
F5 Networks recently analyzed open source information on credential-spill incidents in recent years and discovered that stolen credentials go through five separate phases of abuse from the moment a threat actor first acquires the credentials to when they are subsequently disseminated among other threat actors. The company’s analysis showed that half of all organizations take about 120 days — or four months — to discover a credential breach. And even then, it is only after a third party has informed them about their data being discovered on the Dark Web.
F5 researchers discovered that a lot typically goes on with the credentials in the…