1. Weak Or Stolen Credentials
Phishing was four times higher in 2012 breaches when compared to the previous year. Valid account credentials were used by every threat actor. Financially motivated cybercriminals often brute force their way into organizations, exploiting weak passwords in point-of-sale systems. Meanwhile, nation-state sponsored targeted attackers are more discreet, using phishing or malware laden file attachment to quietly steal credentials from end users or trick them into giving up their username and password. Two-factor authentication can help thwart the use of valid credentials, Verizon said.