In 2024, infostealer diseases and data breaches fueled a vicious circle, which had a significant impact. But things could be about to get worse still with Computer-Using Agents, a new kind of AI agent that enables low-cost, low-effort technology of popular internet tasks — including those regularly performed by attackers.
Stolen qualifications: The computer murderer’s preferred weapon in 2024
In 2023/24, stolen certificates were the top target of 80 % of web application attacks and the main target of a breach. Not surprising when you consider the fact that billions of leaked credentials are in circulation online, and attackers can pick up the latest drop for as little as$ 10 on criminal forums.
The promotion of high-profile breaches in 2024, such as the attacks on customers using credentials found in data breach dumps and affected certification feeds from infostealer and mass phishing campaigns, has benefited the legal marketplace for stolen credentials, which has resulted in the compromise of 165 customer tenants and hundreds of millions of broken records.
However, even though the effect of identity-based assaults is extraordinary in 2024, there is still a lot of unfulfilled potential for identity thieves to know.
Login attack technology — what’s changed with the transition to SaaS?
Credential packing and savage force are not brand-new, and they have been a crucial part of the digital attacker toolkit for decades. However, it’s not quite as simple as sprinkling certificates across techniques as it once was.
No more one-size-fits-all
Business IT is now composed of hundreds of web-based apps and platforms, creating thousands of identities per firm, in contrast to a single unified system with apps and data contained within an infrastructure boundary.
In contrast to being stored exclusively in identity systems like Active Directory, this also means that identities are now implemented using common protocols and mechanisms and decentralized and distributed throughout the internet.
While HTTP ( S ) is standard, modern web apps are complex and highly customized, with a graphically-driven interface that is different every time. And to make matters worse, modern web apps were created specifically to stop unauthorized automation through automated process automation like CAPTCHA.
So instead of having to deal with standard protocols and being able to write a single set of tools for any organization or environment ( for instance, write a DNS scanner once, use a single port scanner like Nmap for the entire internet ), write a single script per service ( such as FTP, SSH, Telnet, etc. ). for your password sprayer — custom tool development is instead required for every app that you want to target.
Finding the needle in the needle
There are more credentials to work with as well, which means there are more places for attackers to include in the scope of their attack.
There are around 15 billion compromised credentials available on the public internet, not including those found only in private channels/feeds. This list is growing constantly, with and 493M unique website and email address pairs added to Have I Been Pwned from infostealer logs just last month.
Although this may seem frightening, it’s challenging for hackers to use this information. The vast majority of these credentials are old and invalid. Less than 1 % of stolen credentials included in threat intelligence feeds from a multi-vendor data set were actionable, according to a recent analysis of TI data by Push Security researchers. In other words, 99 % of compromised credentials were false positives.
As the Snowflake attacks demonstrated, which successfully used credentials dating back to 2020, not all of them are pointless. So there are clearly treasures waiting to be discovered by attackers.
Attackers are made to give priority.
Because of the distributed nature of apps and identities and the low reliability of compromised credential data, attackers are forced to prioritize despite a target-rich environment of hundreds of business apps, creating thousands of sprawled identities per organization:
- Writing and running custom python scripts for every single app ( there are more than 40k SaaS apps on the internet ) is not realistic. Even if you placed in the top 100 or 1000, that would be a significant task that would necessitate constant maintenance while only scratching the surface of the total opportunity.
- Controls like rate limiting, CAPTCHA, and account lockouts can obstruct mass credential stuffing against a single app, even when fully scripted and using a botnet to distribute the attack and prevent IP blocking. And a concentrated attack on a single site is going to generate significant levels of traffic if you want to get through 15 billion passwords in a reasonable timeframe, so it’s very likely to raise the alarm.
Therefore, attackers typically aim for a smaller number of apps and only look for credentials that match directly ( for example, the stolen credential must be associated with an account on the target app ). When they do attempt something new, it is typically focused on a particular app or platform ( like Snowflake ) or looking for a specific set of credentials ( such as credentials that are clearly associated with edge devices, for more traditional network environments ).
A missed opportunity?
Despite these limitations, we’ve already established that the situation with credential stuffing attacks is already quite bad. However, things could be much worse.
Password reuse means a single compromised account could turn into many
Instead of focusing on a select group of high-value apps, attackers could profit from all-too-common password reuse by expanding the scope of their attacks to target a wider range of apps. In accordance with a recent analysis of identity data, on average:
- 1 in 3 employees reuse passwords
- 91 % of identities don’t have an MFA and have reused passwords.
- A non-unique password is present in 10 % of IdP accounts (used for SSO ).
What does this mean? There’s a good chance that a stolen credential can be used to access at least one account from more than one app if it is legitimate.
Imagine the scenario: A recent compromised credential leak from infostealer infections or credential phishing campaigns demonstrates that a particular username and password combination is valid on a particular app, let’s say Microsoft 365. Now, this account is pretty locked down — not only does it have MFA, but there are conditional access policies in place restricting the IP/location it can be accessed from.
This is typically where the attack would end, and you would then turn your attention elsewhere. What if these credentials were visible to every other business app the user has an account on?
Scaling credential attacks with Computer-Using Agents
The impact of AI on identity attacks has been confined to the use of LLMs for the development of phishing emails, for AI-assisted malware development, and for social media bots, which are both significant but not particularly transformative and necessitate constant human oversight and input.
However, this may change with the release of OpenAI Operator, a novel” Computer-Using Agent.”
Operator is trained on a specialist dataset and implemented in its own sandboxed browser, meaning it is able to perform common web tasks like a human — seeing and interacting with pages as a human would.
Operational is a much more scalable option for attackers looking to target a large range of websites and apps, unlike other automated solutions, which requires no custom implementation or coding to interact with new sites.
Demo: Using Operator to carry out credential-stuffed attacks at-scale
Researchers at put the malicious use-cases of Operator to the test, using it to:
- List of apps that can be used to find out which businesses have tenants who have already been listed.
- Using a given username and password, try to log into various app tenants.
]embedded content]
summary of the impact
The outcomes were pretty eye-opening. The operator clearly demonstrated the ability to target a list of apps with compromised credentials and perform in-app actions. Think about these x10, x100, x10, 000 problems. However, the purpose of the CUAs Operator is not to address complexity but scale. Imagine a world where you can orchestrate Operator windows via API and get it to execute these actions simultaneously ( functionality that exists already for ChatGPT ).
This, however, is more significant than Operator; it is about the technology’s future. OpenAI may place restrictions, such as better in-app guardrails, rate restrictions on concurrent tasks and overall usage, etc. But you can guarantee it won’t be the only CUA — it’s only a matter of time before similar products emerge ( maybe even inherently malicious ones ) making use of the same technology.
Final thoughts
Although it’s still early days for CUA tech, it’s obvious that this particular type of AI-driven automation could only make an already difficult security issue worse. While the ability to target a broad set of apps has been previously beyond the scope of traditional automation, it’s about to become much more accessible to even low-skilled attackers ( think: next gen script kiddies? …
Another way to consider it is that it effectively assigns a human attacker a fleet of under-the-radar interns who are only occasionally checked in while you work on other, more challenging tasks. So, a bit like a red team manager of AI bots.
Operator allows attackers to leverage compromised credentials more effectively, take advantage of the numerous vulnerable and misconfigured identities, and use them to launch systemic breaches. In some ways, it might alter how credential stuffing was before the shift to cloud apps, where you could spray thousands of credentials across your targets without ever needing custom development.
Thankfully, no new anti-AI capabilities are required — but it’s more important than ever that organizations look to defend their identity attack surface and find and fix identity vulnerabilities before attackers can take advantage of them.
Find out more.
Check out if you want to learn more about identity theft and how to stop them. You can schedule a demo or test out their browser-based platform for free.
And if you want to see them demo more malicious use cases of Operator, check out this on-demand webinar.