
Compromised Credentials: The Silent Threat Costing Australian Businesses Millions.


According to the January-June 2024 OAIC Data Breach Report, 83% of cyber-related breaches resulted from compromised credentials (OAIC Notifiable Data Breaches Report). Threat actors continue to exploit stolen credentials to infiltrate Australian networks, execute ransomware attacks, and steal sensitive data. The need for real-time detection and rapid response to compromised credentials has never been more critical.

Cybercriminals are increasingly turning to stolen session cookies to bypass traditional authentication measures. Instead of logging in with stolen credentials, attackers use active session tokens to pick up where a legitimate user left off, effectively sidestepping multi-factor authentication (MFA). SpyCloud reports that millions of session tokens are stolen each month, granting attackers immediate and persistent access to sensitive accounts and systems (SpyCloud 2024 Identity Exposure Report). This tactic enables criminals to move laterally through an IT environment undetected, steal intellectual property, commit fraud, and deploy ransomware with minimal resistance.

With default Office 365 sessions lasting up to 90 days, attackers who steal session cookies via infostealer malware can access enterprise accounts for months without needing passwords. Infostealer malware infections have become one of the most effective tools for cybercriminals, silently collecting and exfiltrating sensitive data from compromised devices. These infections are often spread through phishing emails, malicious websites, and drive-by downloads, making them a persistent and growing threat. Once an infostealer infiltrates a system, it can harvest login credentials, session cookies, and other authentication tokens, providing attackers with the ability to bypass security measures and infiltrate corporate networks unnoticed. This makes detecting and terminating compromised sessions a critical priority for security teams.

Stolen credentials—usernames, passwords, API keys, and authentication tokens—are widely available on the dark web. The SpyCloud 2024 Identity Exposure Report reveals that 60-70% of individuals reuse passwords across multiple accounts, making it easy for cybercriminals to conduct large-scale credential stuffing attacks. Automated attack tools allow threat actors to test stolen credentials across multiple systems, potentially unlocking a treasure trove of sensitive data. The recent FAST HTTP attack against Microsoft Office 365 users illustrates how high-speed credential stuffing is growing in sophistication and frequency (Forbes, January 16, 2025).

The Australian Signals Directorate (ASD) 2024 Cyber Crime Report highlights a disturbing trend: C-suite executives are prime targets due to their privileged access to financial systems and critical infrastructure (ASD 2024 Cyber Crime Report). Once attackers infiltrate an executive’s account, they can rapidly escalate privileges, exfiltrate data, and conduct large-scale fraud.

Organisations must adopt proactive monitoring to detect compromised credentials before they are exploited. SpyCloud’s solutions offer real-time dark web monitoring and automated response capabilities, helping organisations identify compromised credentials early, automate response actions, and extend protection beyond employees to third-party vendors and partners.

Organisations need a multi-layered approach to combat the rise of credential-based threats:

  • Implementing phishing-resistant MFA significantly reduces the success rate of credential stuffing and session hijacking attacks.
  • Reducing session lifetimes—such as shortening Office 365’s default 90-day session expiration—limits exposure in case of a breach.
  • Enhancing employee security awareness through training helps prevent credential theft.
  • Enforcing robust password management mitigates the risks of credential reuse.
  • Deploying intrusion detection and monitoring tools can identify unusual login patterns in real time, preventing brute-force and credential stuffing attacks.
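
An added example (not from the original article or from SpyCloud) of the "unusual login patterns" and session-lifetime points above: it flags source IPs that fail logins for many distinct users in a short window, and sessions reused from a different client or past a maximum age. The event fields, the thresholds and the 8-hour maximum age are assumptions, and the log events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

T0 = datetime(2025, 1, 20, 9, 0)

def ev(kind, mins, ip, user, sid=None, ua="Edge/Windows", ok=True):
    """Build one constructed auth event (field names are hypothetical)."""
    return {"type": kind, "t": T0 + timedelta(minutes=mins), "ip": ip,
            "user": user, "sid": sid, "ua": ua, "ok": ok}

# Constructed sample log, not real data (documentation IP ranges).
EVENTS = [ev("login", i, "203.0.113.50", f"user{i}", ok=False) for i in range(6)] + [
    ev("login", 1, "198.51.100.10", "alice", ok=False),           # one mistyped password
    ev("login", 2, "198.51.100.10", "alice", sid="s1"),
    ev("session_use", 60, "198.51.100.10", "alice", sid="s1"),
    ev("session_use", 120, "192.0.2.77", "alice", sid="s1", ua="python-requests"),
    ev("login", -14400, "198.51.100.20", "bob", sid="s2"),        # issued 10 days earlier
    ev("session_use", 30, "198.51.100.20", "bob", sid="s2"),
]

def stuffing_sources(events, min_users=5, window=timedelta(minutes=5)):
    """Source IPs with failed logins for >= min_users distinct users in one window."""
    fails = defaultdict(list)
    for e in events:
        if e["type"] == "login" and not e["ok"]:
            fails[e["ip"]].append((e["t"], e["user"]))
    flagged = set()
    for ip, rows in fails.items():
        rows.sort()
        for i, (start, _) in enumerate(rows):
            if len({u for t, u in rows[i:] if t - start <= window}) >= min_users:
                flagged.add(ip)
                break
    return flagged

def suspicious_sessions(events, max_age=timedelta(hours=8)):
    """Sessions used from a client other than the issuing one, or past max_age."""
    issued, findings = {}, defaultdict(set)
    for e in sorted(events, key=lambda e: e["t"]):
        if e["type"] == "login" and e["ok"]:
            issued[e["sid"]] = (e["t"], e["ip"], e["ua"])
        elif e["type"] == "session_use" and e["sid"] in issued:
            t0, ip, ua = issued[e["sid"]]
            if (e["ip"], e["ua"]) != (ip, ua):   # signal for review, not proof of theft
                findings[e["sid"]].add("client_changed")
            if e["t"] - t0 > max_age:            # assumed policy: re-authenticate after 8 h
                findings[e["sid"]].add("over_max_age")
    return dict(findings)

if __name__ == "__main__":
    print(stuffing_sources(EVENTS))
    print(suspicious_sessions(EVENTS))
```

A flagged session is a candidate for revocation and forced re-authentication; an IP change alone is common for mobile and VPN users, so tune the client comparison before alerting on it.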

The OAIC Notifiable Data Breaches Report, ASD 2024 Cyber Crime Report, and SpyCloud’s latest findings all underscore the growing scale of credential-based attacks. With cybercriminals refining their techniques, organisations must adopt next-generation security solutions like SpyCloud to stay ahead.

By integrating real-time credential monitoring, automated remediation, and dark web intelligence, businesses can significantly reduce their attack surface and prevent unauthorised access before it escalates into a full-blown security incident.

Cybercriminals are already leveraging stolen sessions and credentials—don’t let your organisation be their next victim. Proactive defence starts with SpyCloud.