Drawing on 265.52 million detections on over 8 million endpoints, a report highlighted that credential theft and identity compromise have become key avenues for large-scale cyberattacks on Indian IT companies. The threat landscape is marked by continuous automated attacks, with stolen login credentials increasingly used as effective entry points. Attackers leverage these credentials to move laterally, escalate privileges, and execute data exfiltration or ransomware operations.
Trojans, which constitute nearly 43% of detections, are commonly used to harvest login details and act as the primary payload in these cyber incidents. Phishing, malware, and compromised applications are combined to obtain credentials, which are then traded on dark-web platforms. Indian IT firms are at heightened risk because their reliance on cloud services, remote access systems, and third-party connections leaves them vulnerable to credential theft attempts.
The report emphasized the vulnerability of Indian IT companies, given their extensive use of cloud platforms and third-party integrations. A compromised credential can lead to breaches involving personal data, employee records, and intellectual property, potentially resulting in compliance violations and financial penalties. To address these risks, organizations are urged to adopt an identity-first security approach, implementing zero-trust frameworks, enforcing multi-factor authentication, and monitoring credential exposure outside organizational boundaries.
